Privacy Policy - ShineBright

What is the purpose of our Privacy Policy?

SASU Voisin, operating as ShineBright, attaches great importance to the protection and confidentiality of your personal data, which we consider to be a guarantee of our professionalism and trustworthiness.

As such, our Privacy Policy clearly demonstrates our commitment to ensuring that SASU Voisin complies with the applicable rules on personal data protection, in particular the General Data Protection Regulation ("GDPR").

In particular, our Privacy Policy aims to inform you about how and why we process your personal data in connection with the services we provide to you.

Who is our Privacy Policy for?

Our Privacy Policy is intended for:

All users and visitors of the ShineBright website (https://shinebright.ai/)
Clients who engage our GTM (Go-To-Market) consulting services
Individuals who interact with us through our communication channels
Any person whose personal data we collect and process in the course of our business activities

Why do we process your personal data and on what basis?

We process your personal data for the following purposes:

Service Delivery & Client Management

To navigate our website, benefit from our services, and respond to your requests based on our terms and conditions and our legitimate interest in providing you with the best service.
To use and benefit from our GTM consulting services and AI implementation solutions based on our contractual agreements with you.
To manage client accounts and project workspaces (e.g., account creation, access to services, and account deletion) based on our terms and conditions.
To manage project documentation and communicate about your engagements based on our terms and conditions.

Communication & Support

To communicate with our customer support service via our customer service platform and chat based on our terms and conditions and our legitimate interest in responding to your requests and complaints in the best possible way.
To resolve any difficulties you may encounter when using our services based on our terms and conditions and our legitimate interest in resolving your issues.

Financial Management

To manage subscriptions, online payments, and billing based on our terms and conditions and our legitimate interest in obtaining compensation for the provision of our services.
To receive technical emails (e.g., password changes, etc.) that are essential to the proper functioning of our service based on our terms and conditions.

Service Quality & Security

To guarantee and enhance the security and quality of our services on a daily basis (e.g., statistics, data security, etc.) based on our legal obligations, our terms and conditions, our legitimate interest in ensuring the proper functioning of our services, and our legal and contractual obligations regarding the security of our services and the data we process.
To be able to upload and import documents onto our platform as necessary for service delivery based on our terms and conditions.
To send you satisfaction surveys or ask for your opinion on our services based on our legitimate interest in improving our services.

Marketing & Community

To receive our newsletter, marketing and commercial emails, and personalized information about our services, based on our legitimate interest in maintaining a relationship with our clients and prospects, allowing you to opt out at any time.
To organize webinars and engage our community based on our legitimate interest in retaining our clients and building our professional network.
To monitor and engage with our publications on social networks and video sharing platforms based on our legitimate interest in having a presence on these platforms.

Partnership & Affiliate Programs

To manage any affiliate or partnership programs based on applicable program terms and conditions.

Recruitment

To process applications for positions at SASU Voisin based on the discussions we have with you during the recruitment process and our legitimate interest in recruiting and selecting candidates and pre-contractual measures (employment contract).

Legal Compliance

To manage any disputes or pre-litigation, combat fraud or misuse of our services, or to comply with certain legal obligations incumbent upon us based on our legitimate interest in defending ourselves in the event of a claim or dispute, and legal obligations.

Your data is collected directly from you when you use our services or interact with us, and we undertake to process your data only for the reasons described above.

What personal data do we process and for how long?

We have summarized below the categories of personal data and their respective retention periods:

Professional identification data relating to account management (e.g., last name, first name, position, company, etc.) and contact details (e.g., email address and work phone number, etc.) are retained for the duration of the service provision, plus the legal limitation periods, which are generally five years.

Economic and financial data (such as bank details or billing information) retained for the time necessary to process the transaction and manage billing. This period may be extended in accordance with legal obligations, in particular for accounting purposes (10 years, or in the event of a dispute, 5 years). SASU Voisin only has access to the last four digits of your credit card number, the cardholder's name, and the expiration date for verification or identification purposes.

Marketing data collected for marketing and communication purposes is retained until you unsubscribe/object, or until your account is deleted.

Communication data relating to messages sent by you within our communication channels is kept for three years from the date of publication.

Affiliate/Partner data relating to your identification as an affiliate or partner of the company is kept for the duration of the commercial relationship. In addition, there are legal limitation periods, which are generally five years.

Newsletter subscriptions - Email addresses for receiving our newsletter are kept until you unsubscribe from the newsletter.

Connection data (e.g., logs, IP address, etc.) is kept for a period of one year.

Recruitment data provided in your resume/cover letter or digital equivalent will be retained for the duration of the recruitment process and for two years after the last contact, or when you request its deletion.

Cookies and trackers are generally retained for a period of 13 months (see our cookie policy for more information).

Upon expiry of the applicable retention periods, the deletion of your personal data is irreversible and we will no longer be able to communicate it to you after this period. At most, we may only retain anonymous data for statistical purposes.

Please also note that in order to protect ourselves in the event of a dispute, we are required to retain all data concerning you for the entire statute of limitations for legal action even after the expiry of the retention periods described above.

What rights do you have to control the use of your personal data?

The applicable data protection regulations grant you specific rights that you can exercise at any time and free of charge to control how we use your data:

Right to access and copy your personal data, provided that this request does not conflict with business secrecy, confidentiality, or the secrecy of correspondence.

Right to rectify personal data that is inaccurate, obsolete, or incomplete.

Right to request the erasure ("right to be forgotten") of your personal data that is not essential to the proper functioning of our services.

Right to restrict the processing of your personal data, which allows us to freeze the use of your data in the event of a dispute over the legitimacy of processing.

Right to data portability, which allows you to retrieve some of your personal data in order to store it or transfer it easily from one information system to another.

Right to give instructions on the fate of your data in the event of death, either through you, a trusted third party, or a beneficiary.

For a request to be taken into account, it must be made directly by you at maxence@shinebright.io.

Any request that is not made in this manner cannot be processed.

Requests cannot be made by anyone other than you or your duly authorized representative. We may therefore ask you to provide proof of identity or of your authorization or power of attorney if we have doubts about the identity of the person making the request.

We will respond to your request as soon as possible, within a maximum of three months of receipt, in the event that the request is technically complex or if we receive numerous requests at the same time.

Please note that we may always refuse to respond to any request that is excessive or unfounded, particularly if it is repetitive.

Who can access your personal data?

Your personal data is processed by our teams and our technical service providers for the sole purpose of operating our services.

We would like to point out that we carefully vet all our technical service providers before engaging them to ensure that they strictly comply with the applicable rules on personal data protection.

FURTHERMORE, WE GUARANTEE THAT WE WILL NEVER SELL YOUR DATA TO THIRD PARTIES.

Can your personal data be transferred outside the European Union?

The personal data processed through ShineBright is hosted exclusively on servers located within the European Union.

Furthermore, we do our utmost to only use technical tools whose servers are also located within the European Union. If this is not the case, we take great care to ensure that they implement the appropriate safeguards required to ensure the confidentiality and protection of your personal data.

How do we protect your personal data?

We implement the following technical and organizational measures to ensure the security of your personal data on a daily basis and, in particular, to combat any risk of destruction, loss, alteration, or disclosure.

Our hosting systems benefit from systematic encryption, network partitioning, and strict role-based access control. Sensitive connections are logged, passwords are encrypted, and secure backups are performed regularly. Access to data is subject to rigorous authorization procedures, with enhanced authentication (MFA) and compliance with the principle of least privilege.

Our teams apply regular security patches, perform audits and security assessments, and monitor potential vulnerabilities. Confidentiality is contractually guaranteed, and all personnel receive regular training on GDPR and cybersecurity.

Finally, we continuously monitor the security status of our infrastructure and have implemented an incident management plan to protect your data in all circumstances.

Do we use cookies when you browse our website?

We inform you that we use cookies when you browse our website. For more information, please consult our Cookie Policy.

Who can you contact for more information about the use of your personal data?

You can contact us at any time, free of charge, at maxence@shinebright.io to obtain more information or details about how we process your data.

While we have not yet appointed a dedicated Data Protection Officer (DPO), we remain fully committed to protecting your personal data in accordance with GDPR requirements.

How can you contact the CNIL?

You can contact the "Commission nationale de l'informatique et des libertés" or "CNIL" at any time at the following address: Service des plaintes de la CNIL, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07 or by telephone on 01.53.73.22.22.

Can the Privacy Policy be modified?

We may modify our Privacy Policy at any time to adapt it to new legal requirements or to new processing methods that we may implement in the future. Any significant changes will be communicated to you through appropriate channels.