Privacy Policy
Protecting your data
Last update: January 2026 • Reading time: 10 min
Introduction
CRITT MATÉRIAUX INNOVATION attaches great importance to the protection of your personal data and is committed to processing it in a transparent and secure manner, in accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act.
This privacy policy describes how we collect, use, store and protect your personal data when you use our website www.critt-mi.com.
Personal data collected
Identification data
- First and last name (required)
- Email address (required)
- Phone number (optional)
- Company name and position (optional)
Navigation data
- IP address (pseudonymized for statistics)
- Browser type and version
- Pages visited and visit duration
- Connection date and time
Contact data
- Messages sent via our forms
- Attachments (documents, photos)
- Request type (contact, quote)
File security
All uploaded files are automatically analyzed by VirusTotal. Suspicious files are quarantined for 30 days.
Newsletter
- Email address (required)
- Registration date and confirmation (double opt-in)
- Sending history (opens, clicks - anonymized)
Processing purposes
| Purpose | Legal basis | Retention |
|---|---|---|
| Contact requests | Consent (Art. 6.1.a) | 3 years |
| Quote requests | Contract execution (Art. 6.1.b) | 5 years |
| Newsletter | Consent (Art. 6.1.a) | Until unsubscription |
| Statistics | Consent (Art. 6.1.a) | 13 months max |
| File security | Legitimate interest (Art. 6.1.f) | 30 days (quarantine) |
No automated profiling
We do not perform any automated decision-making or profiling with legal effects.
Data recipients
Your data is only accessible to authorized persons:
- Internal staff: Management, sales department, communication manager
- Technical subcontractors: host, analysis services (see Transfers section)
Your GDPR rights
In accordance with GDPR, you have the following rights regarding your personal data:
Right of access (Art. 15)
Obtain a copy of all your personal data
Right of rectification (Art. 16)
Correct your inaccurate or incomplete data
Right to erasure (Art. 17)
Request deletion of your data (right to be forgotten)
Right to data portability (Art. 20)
Receive your data in structured format (JSON)
Right to restriction (Art. 18)
Restrict processing of your data
Right to object (Art. 21)
Object to processing of your data
How to exercise your rights?
We respond within a maximum of 1 month. Proof of identity is required for verification.
Right to withdraw consent (Art. 7.3)
When processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of processing carried out before withdrawal.
Complaint to supervisory authority
If you believe your rights are not being respected, you can file a complaint with the CNIL (3 Place de Fontenoy, 75334 PARIS CEDEX 07, France).
Data security
We implement all appropriate technical and organizational measures to ensure the security of your personal data:
- HTTPS/TLS encryption for all communications
- Automatic antivirus scan (VirusTotal) of all uploaded files
- Secure hosting in France with IONOS (ISO 27001 certified)
- Regular backups and disaster recovery plan
- Restricted access to data (strong authentication, access logs)
- Pseudonymization of IP addresses for statistics
Subcontractors and transfers
Your data is hosted in France with IONOS. Some subcontractors may process data outside the EU, governed by Standard Contractual Clauses (SCC).
| Service | Purpose | Location |
|---|---|---|
| IONOS | Hosting | France (EU) |
| Google Analytics | Statistics | EU / USA (SCC) |
| VirusTotal | File security | EU / USA (SCC) |
No data sales
We do not sell, rent or exchange your personal data with third parties for commercial purposes.
Retention period
| Data type | Duration |
|---|---|
| Contact messages | 3 years after last exchange |
| Quote requests | 5 years (accounting obligations) |
| Newsletter - Active subscribers | Until unsubscription |
| Newsletter - Unsubscribed | 3 years (anti-recontact blacklist) |
| Analytical cookies | 13 months maximum |
| Cookie consents | 3 years (GDPR proof) |
| Suspicious files | 30 days (quarantine) |
Automatic deletion
Upon expiration of these periods, your data is automatically deleted or irreversibly anonymized.
Contact and data controller
In accordance with Article 37 of GDPR, CRITT-MI is not required to appoint a Data Protection Officer (DPO) as our activities do not involve regular large-scale monitoring of individuals. However, a data protection contact is available for any questions:
CRITT MATÉRIAUX INNOVATION
08000 Charleville-Mézières
Manage your preferences
You can modify your cookie choices and exercise your GDPR rights at any time