Privacy Policy
Last updated: May 21, 20251. Introduction
Miryel SAS (hereinafter "Miryel", "we", "us") is committed to protecting the privacy of users of its website miryel.fr and its platform. This policy describes the personal data we collect, why we process it, and the rights you have under the General Data Protection Regulation (GDPR) and applicable French data protection law.
This policy applies to the miryel.fr website and all services provided by Miryel. For platform clients, a separate Data Processing Agreement (DPA) supplements this policy.
2. Data Controller
Miryel SAS
[Address], 75000 Paris, France
DPO contact: dpo@miryel.fr
3. Data We Collect
a) Identification Data
When you request a demo or contact us: first name, last name, professional email address, company name, job title. This data is collected through our scheduling tool (Calendly) or by direct email.
b) Connection Data
When you visit miryel.fr: IP address, browser type, operating system, pages viewed, date and time of connection. This data is collected automatically by our servers.
c) Platform Data
For clients using the Miryel platform: the business data you connect to the platform remains your exclusive property. Miryel processes it solely to deliver the service, under the terms of a dedicated DPA. This data is never used for any other purpose.
4. Purposes and Legal Basis
| Purpose | Legal Basis | Data Involved |
|---|---|---|
| Responding to demo requests | Pre-contractual measures | Identity, email, company |
| Client relationship management | Performance of contract | Identity, email, company |
| Website improvement | Legitimate interest | Connection data |
| Platform service delivery | Performance of contract | Platform data (DPA) |
| Legal and tax obligations | Legal obligation | Billing, identity |
5. Data Recipients
Your personal data is accessible only to:
- Internal teams: Miryel sales, technical, and support teams, strictly within the scope of their duties.
- Subprocessors:
- Scaleway SAS (hosting, France/EU) — SecNumCloud qualified
- Calendly LLC (appointment scheduling, United States) — transfer governed by EU Standard Contractual Clauses (SCCs)
Miryel never sells, rents, or shares your personal data with third parties for commercial purposes.
6. International Transfers
Platform data and website hosting data are processed exclusively within the European Union, on Scaleway's SecNumCloud-qualified infrastructure.
The Calendly service, used for scheduling demos, is operated by a US-based company. This transfer is governed by Standard Contractual Clauses (SCCs) adopted by the European Commission, pursuant to Article 46 of the GDPR. The data involved is limited to your name, email address, and appointment time slot.
7. Data Retention
| Data Category | Retention Period |
|---|---|
| Prospect data (demo requests, contact) | 3 years from last contact |
| Client data | Duration of contract + 5 years (statute of limitations) |
| Connection logs | 13 months (CNIL recommendation) |
| Billing data | 10 years (accounting obligations) |
| Platform data | Duration of contract, then deletion or return per DPA terms |
8. Your Rights
Under the GDPR, you have the following rights:
- Right of access: obtain confirmation that your data is being processed and receive a copy of it.
- Right to rectification: correct inaccurate or incomplete data.
- Right to erasure: request deletion of your data, subject to legal obligations.
- Right to data portability: receive your data in a structured, machine-readable format.
- Right to restriction: restrict the processing of your data in certain circumstances.
- Right to object: object to processing based on legitimate interest.
- Right to withdraw consent: at any time, where processing is based on consent.
To exercise your rights, send your request to dpo@miryel.fr. We will respond within 30 days.
You also have the right to lodge a complaint with the French Data Protection Authority (CNIL): www.cnil.fr.
9. Cookies
The miryel.fr website uses only strictly necessary cookies for site operation (session management, display preferences, security). No advertising, profiling, or third-party tracking cookies are deployed.
In accordance with the ePrivacy Directive and CNIL guidelines, strictly necessary cookies are exempt from the prior consent requirement.
10. Security
Miryel implements appropriate technical and organizational measures to protect your personal data:
- Encryption in transit (TLS) and at rest
- Strict role-based access controls
- Hosting on SecNumCloud-qualified infrastructure
- Regular security audits
- Data access logging
11. Changes to This Policy
Miryel reserves the right to modify this policy at any time. In the event of a material change, we will notify users via the website. The date of the last update is indicated at the top of this page.
12. Contact
For any questions regarding the protection of your data:
Miryel SAS — Data Protection Officer
[Address], 75000 Paris, France
dpo@miryel.fr