Privacy Policy
1. Who are we?
The website compass34.com (hereinafter "the Site") is published by 34 elements, registered office: 13000 Aix-en-Provence, France – RCS 914548219.
Contact: contact@34elements.com
Data controller: 34 Elements
2. What data do we collect?
| Category | Examples | Collection |
|---|---|---|
| Identification data | name, surname, professional email, phone | contact form, account creation |
| Professional data | company, position, sector, workforce | product onboarding |
| Diagnostic data | questionnaire responses, scores, comments | platform usage |
| Navigation data | pages visited, cookie IDs, IP addresses | technical & analytics cookies |
| Billing data | postal addresses, payment history | subscription purchases, Stripe |
We do not collect any sensitive data within the meaning of Article 9 GDPR (ethnic origin, political opinions, health, etc.).
3. Why do we collect them? (Purposes & legal bases)
| Purpose | Legal basis | Details |
|---|---|---|
| User account creation and management | Contract execution | Platform access, support |
| Provision of diagnostic & recommendation service | Contract execution | Score calculation, report generation |
| Billing & accounting | Legal obligation | 10-year retention (CGI, art. L123-22 C. com.) |
| B2B prospecting and marketing content | Legitimate interest | Inform our clients of relevant updates (opt-out possible) |
| Audience analysis and product improvement | Consent (cookies) | Self-hosted Matomo (anonymized IPs) |
| Security and fraud prevention | Legitimate interest | Server logs, abnormal access detection |
4. How long do we keep them?
| Data type | Retention period |
|---|---|
| Account, diagnostic, in-app history | 3 years after last activity, then anonymization |
| Billing (invoices, payments) | 10 years (tax obligations) |
| Security logs | 12 months |
| Analytics cookies | 13 months maximum |
| Marketing emails (opt-in) | Until unsubscription or 3 years after last click |
5. Who can access them?
34 Elements staff (restricted access, confidentiality clause).
GDPR-certified subcontractors:
- Stripe Payments Europe (payments – Ireland)
Competent legal authorities (upon request).
No sharing with third parties for commercial purposes.
6. Your rights
In accordance with GDPR and "Data Protection" law:
- Access to your data
- Rectification or update
- Erasure ("right to be forgotten")
- Limitation or objection to processing
- Portability (export in structured format)
- Post-mortem directive on the fate of your data after death
Exercise them by email: contact@34elements.com
Response within 30 days; possibility of complaint to the CNIL (cnil.fr).
7. Security
- TLS 1.3 encryption on all traffic.
- Data at rest encrypted (AES-256).
- Strong authentication (2FA) available for admin accounts.
- Annual code review and penetration testing.
8. Cookies & trackers
On first visit, a banner allows you to:
- Accept all cookies
- Customize (analytics, ads, etc.)
- Refuse non-essential cookies
Cookies used:
Technical (session, language preference) – essential deposit.
9. Transfers outside EU (United States)
Our US subcontractors (Stripe) operate under standard contractual clauses (SCC 2021/914) and additional measures (encryption, pseudonymization).
10. Minors
Compass 34 exclusively targets a professional audience (18+). No voluntary processing of children's data.
11. Policy updates
We may modify this policy to reflect legal or functional evolution of the service. The updated version is accessible in the footer; check it regularly.
Last update: 7/17/2025