Privacy Policy

1. Data Controller

The data controller responsible for your personal data is:

BM Development Consulting
26 Avenue de la Constellation
95800 Cergy, France
SIRET: 937 610 715 00016
Email: contact@bm-development-consulting.com
Phone: +33 6 05 63 35 74

2. Data We Collect

2.1 Information You Provide Directly

When you contact us through our website contact form or by email, we may collect:

• Identity data: Full name
• Contact data: Email address, phone number
• Professional data: Company name, job title, profile requirements
• Project data: Project details, technical requirements, budget information
• Communication data: Content of your messages and our responses

2.2 Information Collected Automatically

When you visit our website, we may automatically collect:

• Technical data: IP address, browser type and version, operating system, device type
• Usage data: Pages visited, time spent on pages, navigation paths, referring URLs
• Location data: General geographic location (city/country level) based on IP address

3. How We Use Your Data

We use your personal data for the following purposes:

3.1 Primary Purposes

• Service delivery: To respond to your inquiries, provide developer profiles, and deliver IT subcontracting services
• Contract management: To prepare proposals, negotiate contracts, and manage ongoing projects
• Client relationship: To communicate about projects, provide support, and maintain business relationships
• Administrative purposes: To manage invoicing, accounting, and legal obligations

3.2 Secondary Purposes

• Website improvement: To analyze website performance and improve user experience
• Marketing: To send relevant information about our services (only with your consent or legitimate interest)
• Legal compliance: To comply with legal obligations and defend our rights

4. Legal Basis for Processing

We process your personal data based on the following legal grounds:

• Consent: When you submit a contact form or subscribe to our communications
• Contractual necessity: To fulfill service agreements and business contracts
• Legitimate interest: To improve our services, maintain client relationships, and prevent fraud
• Legal obligation: To comply with accounting, tax, and other legal requirements

5. Data Sharing and Disclosure

We do not sell, rent, or trade your personal data. We may share your information with:

5.1 Service Providers

• Email service providers: For communication and marketing (e.g., FormSubmit.co)
• Web hosting providers: For website hosting and maintenance
• Analytics providers: For website performance analysis (if applicable)
• Payment processors: For invoicing and payment processing

5.2 Legal Requirements

We may disclose your data if required by law, court order, or to:

• Comply with legal processes
• Protect our rights, property, or safety
• Prevent fraud or illegal activities
• Respond to government or regulatory requests

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to the same privacy protections.

6. International Data Transfers

As we work with international clients and may use service providers outside the European Economic Area (EEA), your data may be transferred to countries that may not have equivalent data protection laws.

When transferring data internationally, we ensure adequate protection through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions recognizing equivalent protection levels
• Other appropriate safeguards as required by GDPR

7. Data Retention

We retain your personal data only for as long as necessary for the purposes outlined in this policy:

• Contact inquiries: 3 years from last contact (for potential future business)
• Client data: Duration of contract + 5 years (for accounting and legal obligations)
• Marketing data: Until you withdraw consent or 3 years of inactivity
• Website analytics: 26 months (standard for web analytics)

After retention periods expire, we securely delete or anonymize your data.

8. Your Rights Under GDPR

As a data subject in the European Union, you have the following rights:

8.1 Right of Access

You can request a copy of the personal data we hold about you.

8.2 Right to Rectification

You can request correction of inaccurate or incomplete personal data.

8.3 Right to Erasure ("Right to be Forgotten")

You can request deletion of your personal data in certain circumstances.

8.4 Right to Restriction of Processing

You can request that we limit the processing of your data in specific situations.

8.5 Right to Data Portability

You can request your data in a structured, commonly used, machine-readable format.

8.6 Right to Object

You can object to processing based on legitimate interests or for direct marketing purposes.

8.7 Right to Withdraw Consent

Where processing is based on consent, you can withdraw it at any time.

8.8 Right to Lodge a Complaint

You can file a complaint with the French data protection authority (CNIL):

CNIL (Commission Nationale de l'Informatique et des Libertés)
3 Place de Fontenoy - TSA 80715
75334 Paris Cedex 07, France
Website: www.cnil.fr

8.9 Exercising Your Rights

To exercise any of these rights, please contact us at:

Email: contact@bm-development-consulting.com
Subject line: "GDPR Rights Request"

We will respond to your request within one month. In complex cases, we may extend this period by two additional months.

9. Data Security

We implement appropriate technical and organizational measures to protect your personal data against:

• Unauthorized access or disclosure
• Accidental loss or destruction
• Malicious attacks or breaches
• Unlawful processing

Our security measures include:

• SSL/TLS encryption for data transmission
• Secure hosting infrastructure
• Access controls and authentication
• Regular security assessments
• Employee confidentiality agreements
• Data backup and recovery procedures

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

10. Cookies and Tracking Technologies

Our website may use cookies and similar tracking technologies. For detailed information, please see our Cookie Policy.

Types of Cookies We May Use:

• Essential cookies: Required for website functionality
• Analytics cookies: To understand website usage and improve performance
• Functional cookies: To remember your preferences (e.g., language selection)

You can control cookies through your browser settings. Blocking cookies may affect website functionality.

11. Third-Party Links

Our website may contain links to third-party websites (e.g., LinkedIn, Calendly, Google Maps). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

12. Children's Privacy

Our services are intended for businesses and professionals. We do not knowingly collect personal data from individuals under 18 years of age. If we become aware of such collection, we will delete the data promptly.

13. Changes to This Privacy Policy

We may update this privacy policy from time to time to reflect changes in:

• Our business practices
• Legal requirements
• Technology and security standards

We will notify you of significant changes by:

• Posting the updated policy on our website with a new "Last updated" date
• Sending an email notification to our clients and contacts (for material changes)

Continued use of our services after changes indicates your acceptance of the updated policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:

We are committed to resolving any privacy concerns promptly and transparently.

This privacy policy is effective as of January 3, 2026 and complies with the General Data Protection Regulation (GDPR) and French data protection law (Loi Informatique et Libertés).