Your privacy matters to us. DPO Advisors is a data protection consultancy. We hold ourselves to the highest standards when it comes to handling personal data — the same standards we help our clients achieve.
Who We Are
DPO Advisors (hereinafter "we", "us", or "the Company") is a data protection consultancy firm providing advisory services, outsourced Data Protection Officer (DPO) services, GDPR compliance solutions, and data privacy training.
| Detail | Information |
|---|---|
| Company name | DPO Advisors |
| Website | dpoadvisors.com |
| Registered address | 49 Rue de Ponthieu, 75008 Paris, France |
| contact@dpoadvisors.com | |
| Role under GDPR | Data Controller |
As a data controller, we are responsible for deciding how and why personal data about you is processed. This Privacy Policy explains what personal data we collect, how we use it, and what rights you have over it.
Personal Data We Collect
We collect personal data in various ways, including directly from you, automatically when you use our website, and occasionally from third parties. The categories of personal data we may process include:
| Category | Examples | Source |
|---|---|---|
| Identity data | First name, last name, professional title | You directly |
| Contact data | Email address, phone number, company address | You directly |
| Professional data | Job title, company name, industry sector | You directly / LinkedIn |
| Communications data | Emails, messages, meeting notes | Direct interactions |
| Technical data | IP address, browser type, pages visited, time on site | Automatically (cookies) |
| Contract data | Service agreements, invoicing information | You directly |
Note: We do not intentionally collect special category data (e.g. health, political opinions, biometric data). If you inadvertently share such information with us, we will delete it as soon as we become aware.
Purpose & Legal Basis for Processing
Under GDPR Article 6, we must have a valid legal basis for every processing activity. The table below outlines our purposes and the corresponding legal grounds:
| Purpose | Legal Basis (GDPR Art. 6) |
|---|---|
| Responding to enquiries and quote requests | Legitimate interest / Pre-contractual measures |
| Delivering contracted services (DPO services, audits, training) | Performance of a contract (Art. 6.1.b) |
| Sending invoices and managing payments | Legal obligation (Art. 6.1.c) |
| Sending newsletters or updates (if opted in) | Consent (Art. 6.1.a) |
| Improving our website and services | Legitimate interest (Art. 6.1.f) |
| Complying with legal and regulatory obligations | Legal obligation (Art. 6.1.c) |
| Defending legal claims | Legitimate interest (Art. 6.1.f) |
How We Use Your Data
We use your personal data strictly for the purposes stated above. More specifically, we may use it to:
- Respond to your contact requests, questions, or service enquiries;
- Establish, manage, and fulfil service contracts with you or your organisation;
- Issue invoices, manage billing, and process payments;
- Send service-related communications (project updates, deliverables, reports);
- Send informational newsletters or privacy law updates, where you have opted in;
- Analyse website usage in aggregate to improve the user experience;
- Comply with applicable laws and respond to lawful requests from authorities;
- Protect our legal rights and interests.
We will never use your data for automated individual decision-making or profiling that has legal or significant effects on you without your explicit consent.
Data Sharing & Third Parties
We do not sell, rent, or trade your personal data. We may share your data with third parties only in the following limited circumstances:
- Service providers: Cloud hosting providers, email platform providers, accounting software — who act as data processors on our behalf under strict data processing agreements;
- Professional advisors: Lawyers, accountants, or auditors, subject to confidentiality obligations;
- Regulatory authorities: When required to do so by law (e.g. French CNIL, tax authorities);
- Business transfers: In the event of a merger or acquisition, your data may be transferred to the new entity, with prior notice to you.
All third-party processors are contractually required to implement appropriate technical and organisational security measures and to process data only on our documented instructions.
International Data Transfers
Your data is primarily stored and processed within the European Economic Area (EEA). Where we use service providers located outside the EEA (e.g. certain cloud or analytics tools), we ensure adequate protection is in place through:
- The European Commission's adequacy decisions;
- Standard Contractual Clauses (SCCs) approved by the European Commission;
- Binding Corporate Rules where applicable.
You may request details of the safeguards applicable to any specific transfer by contacting us at contact@dpoadvisors.com.
Data Retention
We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, or as required by applicable law. Our general retention periods are:
| Data type | Retention period |
|---|---|
| Client contract & project data | 10 years after contract end (French commercial law) |
| Invoices & accounting records | 10 years (legal obligation) |
| Prospecting & pre-sales data | 3 years from last contact |
| Newsletter subscribers (opt-in) | Until unsubscription or 3 years of inactivity |
| Website analytics data | 13 months (CNIL guidelines) |
| Job applicant data | 2 years after last contact |
At the end of the applicable retention period, data is securely deleted or anonymised.
Your Rights Under GDPR
As a data subject under the GDPR, you have the following rights. We are committed to facilitating the exercise of these rights within 30 days of your request:
- Right of access (Art. 15): Obtain confirmation of whether we process your data and receive a copy of it;
- Right to rectification (Art. 16): Request correction of inaccurate or incomplete data;
- Right to erasure / "right to be forgotten" (Art. 17): Request deletion of your data when it is no longer necessary or where you withdraw consent;
- Right to restriction of processing (Art. 18): Request that we limit how we use your data in certain circumstances;
- Right to data portability (Art. 20): Receive your data in a structured, machine-readable format and transfer it to another controller;
- Right to object (Art. 21): Object at any time to processing based on legitimate interests or for direct marketing purposes;
- Right to withdraw consent: Where processing is based on consent, withdraw it at any time without affecting prior processing;
- Right to lodge a complaint: File a complaint with the French data protection authority, the CNIL (www.cnil.fr), or with any other EEA supervisory authority.
To exercise any of these rights, please contact us at contact@dpoadvisors.com. We may need to verify your identity before processing your request. There is no charge for exercising your rights, unless requests are manifestly unfounded or excessive.
Cookies & Tracking Technologies
Our website uses cookies and similar technologies. We distinguish between the following categories:
- Strictly necessary cookies: Essential for the website to function. No consent required.
- Analytics cookies: Help us understand how visitors interact with our website (e.g. Google Analytics). Activated only with your consent.
- Preference cookies: Remember your choices and settings. Activated only with your consent.
- Marketing cookies: We do not currently use marketing or advertising cookies.
You can manage or withdraw your cookie consent at any time via our cookie banner or by adjusting your browser settings. Withdrawing consent does not affect the lawfulness of prior processing.
For full details, please refer to our Cookie Policy.
Data Security
We implement appropriate technical and organisational measures to protect your personal data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure, or access. These measures include:
- Encryption of data at rest and in transit (TLS/SSL);
- Access controls and role-based permissions;
- Regular security reviews and penetration testing;
- Employee training on data protection best practices;
- Incident response procedures aligned with GDPR Article 33.
In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay, as required by GDPR Article 34.
Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or regulatory guidance. When we make significant changes, we will:
- Update the "Last updated" date at the top of this page;
- Notify you by email if we hold your contact details and the change is material;
- Display a notice on our website where appropriate.
We encourage you to review this page periodically. Your continued use of our services after any changes constitutes acceptance of the updated policy.
This policy was last updated on March 4, 2026.
Get in Touch
Questions about this policy or about how we handle your data? Our team is here to help.