Privacy Policy

Privacy Policy

Privacy Notice – saveran.eu

WaveNexus (“we”, “us”, “our”) operates the website saveran.eu and provides a digital procurement solution that recommends digital service providers and solutions based on cost, sovereignty level and regulatory compliance. This Privacy Notice explains how we process personal data in connection with our website and services.

1. Controller and contact

The controller under the GDPR is:

WaveNexus, SAS
Registered with RCS Paris under number 944 047 075
Email (general contact): contact@saveran.eu
Email (privacy): dpo@saveran.eu

If you have any questions about this notice or your rights, you can contact us at dpo@saveran.eu.

2. Categories of data and purposes

We process the following categories of personal data for the purposes described below:

  • Identification and contact data (e.g. name, email address, company name, role)
  • Technical data (e.g. IP address, browser type, operating system, access date and time)
  • Usage data (e.g. pages visited, interactions with our website and services)
  • Account data (for registered users)
  • Communication data (content of messages you send us)

We use this data for:

  • Responding to contact requests and managing our relationship with you
  • Providing and improving our digital procurement solution
  • Managing user accounts and authentication
  • Sending newsletters and information about our services (where permitted)
  • Security, fraud prevention and troubleshooting
  • Compliance with legal obligations and defence of legal claims

3. Legal bases for processing

Depending on the context, we rely on the following legal bases:

  • Performance of a contract or pre‑contractual measures, in particular when you contact us to request information or when we provide our services to you or your organisation.
  • Legitimate interests, for example to ensure the security of our website, to understand how it is used, and to improve our services, provided that your interests and fundamental rights do not override our interests.
  • Consent, where required by law, for example for sending certain types of electronic marketing or, if applicable in the future, for specific analytics or tracking activities.
  • Compliance with legal obligations, for example bookkeeping and regulatory duties.

Where we rely on legitimate interests, our interest is in operating a secure and efficient B2B digital procurement platform and promoting our services to professional users in a proportionate manner.

4. Sources of data

We primarily obtain personal data directly from you when you:

  • Fill in our contact form on saveran.eu
  • Subscribe to our newsletter
  • Create and use an account on our platform
  • Communicate with us by email or other channels

We may also obtain technical and usage data through our analytics solution (Umami) and our hosting and email providers.

5. Recipients and processors

We only share personal data with third parties where this is necessary for the purposes described above or where we are legally obliged to do so.

In particular, we use:

  • Hosting provider: Scaleway, 8, rue de la Ville‑l’Évêque, 75008 Paris, France – hosting our infrastructure and data.
  • Email provider: Infomaniak (mail service), hosted in Switzerland – for email communications.
  • CRM system: Odoo – for managing B2B relationships, leads and customers.
  • Analytics: Umami – for privacy‑friendly usage analytics of our website.

These providers act as processors on our behalf or as independent controllers for parts of the processing. We conclude appropriate data processing agreements where required.

We do not sell your personal data.

6. International transfers

Our main processing activities take place in the European Union. We do not intend to transfer personal data to countries outside the EU/EEA except:

  • To Infomaniak in Switzerland, which benefits from an adequacy decision of the European Commission, so that personal data can flow there without additional safeguards.

If we use other providers outside the EU/EEA in the future, we will ensure that appropriate safeguards are in place, such as Standard Contractual Clauses, and will reflect this in the updated version of this notice.

7. Retention periods

We keep personal data only for as long as necessary for the purposes for which it was collected and in accordance with applicable legal requirements.

Unless a different period is expressly required by law:

  • Data collected via contact forms, CRM, newsletter and account usage is retained for up to 5 years from the last interaction with you or your organisation, or from the end of the contractual relationship.
  • Technical logs may be kept for shorter security‑related periods, typically a few months, unless an incident requires longer retention.
  • Where legal retention obligations apply (e.g. accounting documents), we retain the relevant data for the statutory period.

After the applicable retention period, data is deleted or anonymised.

8. Your rights

Under the GDPR, you have the following rights, subject to conditions and exceptions:

  • Right of access: obtain confirmation whether we process personal data about you and receive a copy.
  • Right to rectification: request correction of inaccurate or incomplete data.
  • Right to erasure: request deletion of your data, for example when it is no longer necessary for the purposes for which it was collected.
  • Right to restriction: request that we limit processing in certain situations.
  • Right to data portability: receive data you have provided to us in a structured, commonly used and machine‑readable format and transmit it to another controller where technically feasible.
  • Right to object:
    • to processing based on our legitimate interests, on grounds relating to your particular situation;
    • at any time to processing for direct marketing purposes.

Where processing is based on your consent, you may withdraw your consent at any time, without affecting the lawfulness of processing before withdrawal.

To exercise any of your rights, please contact us at dpo@saveran.eu. We may need to verify your identity before responding.

You also have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement. For France, this is the CNIL (www.cnil.fr), and for Germany, the competent Landesdatenschutzbehörde depending on the federal state.

9. Security

We implement appropriate technical and organisational measures to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access. However, no system can be completely secure, and residual risks always remain.

10. Obligation to provide data

When we ask you for personal data, some fields may be marked as mandatory. If you do not provide this data, we may not be able to respond to your request or provide our services.

11. Automated decision‑making

We do not use automated decision‑making, including profiling, that produces legal effects concerning you or similarly significantly affects you.

12. Updates to this notice

We may update this Privacy Notice from time to time to reflect changes in our processing activities or legal requirements. The updated version will be published on saveran.eu with a new “last updated” date.