VINGT · Personal data
Privacy policy
VINGT Consulting attaches particular importance to the protection of personal data. This policy explains, under the General Data Protection Regulation (GDPR, EU 2016/679) and the French Data Protection Act, what data is processed through vingtconsulting.com, why, by whom, for how long, and how to exercise your rights.
1. Data controller
The data controller is VINGT Consulting, a French sole proprietorship registered under SIRET 992 830 703 00011. Full contact details are listed in the legal notice.
For any question relating to personal data: hello@vingtconsulting.com. VINGT has not appointed a Data Protection Officer (DPO), as this designation is not mandatory given the nature and volume of the processing carried out.
2. Data processed
The site collects or processes the following categories of data:
| Category | Data | Source |
|---|---|---|
| Booking | First name, last name, email, time zone, free-text reason for the meeting | Provided voluntarily by the visitor through the embedded Cal.com module |
| Email exchanges | Email address, message content, any attachments | Sent voluntarily to hello@vingtconsulting.com |
| Language preference | Cookie vingt-lang (value "fr" or "en") | Set when a visitor manually changes the language |
| Technical data | IP address, user-agent, HTTP headers (hosting provider logs) | Automatically transmitted by the browser on each page load |
No special-category data within the meaning of GDPR article 9 (origin, opinions, health, etc.) is collected. No advertising profiling or marketing cookie is used.
3. Purposes & legal bases
| Purpose | Legal basis |
|---|---|
| Respond to a contact request or schedule a meeting | Pre-contractual measures taken at the request of the data subject (GDPR art. 6.1.b) — or consent (art. 6.1.a) as applicable |
| Remember the visitor's language preference | Legitimate interest in serving the interface in the right language (art. 6.1.f) — strictly necessary cookie |
| Ensure security, availability and maintenance of the site | Legitimate interest in protecting the infrastructure (art. 6.1.f) |
| Comply with legal and accounting obligations | Legal obligation (art. 6.1.c) |
4. Recipients & processors
Data is processed by VINGT Consulting and, for technical operation of the site, by the following processors, each bound by a contract compliant with GDPR article 28:
| Processor | Role | Country |
|---|---|---|
| Vercel Inc. | Site hosting, logging, CDN delivery | United States (SCCs + DPF) |
| Cal.com Inc. | Embedded booking module (booker, calendar) | United States (SCCs + DPF) |
The fonts used on the site are self-hosted on the same origin: no request is made to Google Fonts or any other third-party font CDN. No data is sold or transferred for commercial purposes. Data is only disclosed to third parties in case of a legal requisition.
5. Transfers outside the European Union
Some of the processors listed above are established in the United States. Transfers of data to them are governed by:
- The Standard Contractual Clauses (SCCs) approved by the European Commission (decision 2021/914);
- Each recipient's adherence to the EU-US Data Privacy Framework, recognised as adequate by the European Commission's adequacy decision of 10 July 2023.
A copy of the applicable safeguards can be obtained on request at hello@vingtconsulting.com.
6. Retention periods
| Data | Duration |
|---|---|
| Email exchanges (prospect / contact) | 3 years from the last contact, per the French CNIL recommendation on B2B prospecting |
| Cal.com booking data | As defined by Cal.com — see cal.com/privacy |
| Contractual and invoicing documents | 10 years (French accounting obligation, articles L.123-22 and L.102 B LPF) |
| Cookie vingt-lang | 13 months maximum (cleared after 1 year, in line with CNIL recommendations) |
| Technical logs (host) | As defined by Vercel — see vercel.com/legal/privacy-policy |
7. Cookies & trackers
The site uses no advertising cookies, no third-party analytics cookies and no marketing trackers.
Only one cookie is set:
| Name | Purpose | Duration | Type |
|---|---|---|---|
| vingt-lang | Remember the language chosen (FR or EN) so the visitor is no longer redirected automatically | 1 year | Strictly necessary — exempt from consent (CNIL deliberation no. 2020-091, art. 82 French Data Protection Act) |
The Cal.com module, when loaded, may set functional cookies related to the booking session. These cookies fall under Cal.com's own policy (cal.com/privacy).
8. Your rights
Under articles 15 to 22 of the GDPR, you have the following rights regarding your personal data, which you may exercise at any time:
- Right of access — obtain confirmation that data concerning you is being processed and receive a copy;
- Right to rectification — have inaccurate or incomplete data corrected;
- Right to erasure ("right to be forgotten") — request the deletion of your data;
- Right to restriction of processing;
- Right to object to processing, including any prospecting;
- Right to data portability to another controller;
- Right to withdraw consent at any time when processing is based on it;
- Right to define directives regarding the fate of your data after your death (art. 85, French Data Protection Act).
To exercise these rights, write to hello@vingtconsulting.com specifying your request. A response will be provided within one month (extendable by two months if necessary, GDPR art. 12.3).
If, after contacting VINGT, you believe your rights are not respected, you can lodge a complaint with the French Data Protection Authority — Commission Nationale de l'Informatique et des Libertés (CNIL), 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France — cnil.fr.
9. Security
The site is served exclusively over HTTPS (TLS) with HSTS preloading. Strict security headers are applied (CSP, X-Frame-Options, Permissions-Policy, Referrer-Policy, COOP/CORP). Data exchanged by email is encrypted in transit. Access to third-party tools is protected by two-factor authentication.
To report a vulnerability, see /.well-known/security.txt.
10. Changes
This policy may evolve to reflect legal, technical or organisational changes. The applicable version is the one published at vingtconsulting.com/privacy on the date of your visit. The last-updated date appears at the top of the page.