Privacy Policy

Hamlaoui & Co. is an IT consultancy registered in France (SIRET: 102 404 456 00018). We provide information systems auditing, cybersecurity, security automation, and enterprise SaaS development services to clients across Europe.

For all data protection matters, you can reach us at: [email protected]

When you contact us through this website, we collect the information you provide in the contact form: your name, company name, email address, and the content of your message.

We do not use tracking cookies, analytics cookies, or advertising trackers.

We do not collect any data beyond what you explicitly provide to us.

We use your contact information solely to respond to your enquiry and, where relevant, to manage our engagement with you as a client. We do not use your information for marketing purposes unless you have explicitly requested to receive communications from us.

Legal basis under GDPR: legitimate interest (responding to an inbound enquiry) and, for client relationships, the performance of a contract.

Contact form data is retained for as long as necessary to manage the enquiry — typically no longer than 12 months for non-clients. For active and former client relationships, data is retained for the duration required by applicable French commercial and accounting law (generally 10 years for contractual documents).

We do not sell, rent, or share your personal data with third parties for marketing or commercial purposes.

We may share data with sub-processors strictly necessary for operating our services (e.g. email delivery). All sub-processors are bound by data processing agreements and operate within the European Union or under adequate safeguards recognised by the GDPR.

As a data subject under the GDPR, you have the right to:

• —Access the personal data we hold about you
• —Request correction of inaccurate data
• —Request erasure of your data (where no legal retention obligation applies)
• —Object to or restrict processing
• —Request data portability
• —Lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés), France's data protection authority

To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

We apply the same security standards to our own data handling that we recommend to clients. Communications are encrypted in transit. Access to contact data is restricted to team members who need it to manage the enquiry. We do not store payment card data.

We may update this Privacy Policy to reflect changes in our practices or applicable law. Material changes will be noted at the top of this page with an updated effective date. We encourage you to review this page periodically.