Privacy Policy

Effective as of: May 2026 | GDPR Compliant

In Summary: ZEPHYR Intelligence collects only the data you voluntarily submit through the flight disruption exposure simulator form. We do not sell your data, do not use behavioral tracking cookies, and you can exercise your GDPR rights at any time.

1. Data Controller

Responsible Entity: ZEPHYR Intelligence

Legal Form: Simplified Joint-Stock Company (SAS)

Registered Office: 49 Boulevard Marius Vivier Merle, 69003 Lyon Part-Dieu

Data Protection Officer (DPO): dpo@zephyr-intelligence.com

General Contact: contact@zephyr-intelligence.com

2. Data Collected

Voluntarily Submitted Data

We collect only the information you explicitly provide in the "Simulate your exposure to flight disruptions" form:

Data Collected	Type	Example
First and Last Name	Identity Data	John Smith
Professional Email	Contact Data	john.smith@company.com
Company / Organization Name	Professional Data	Acme Corporation
Industry Sector (optional)	Context Data	Finance, Pharma, Tech, TMC, Other
Annual Traveler Volume	Quantitative Data	100-500, 500-1000, 1000+

Automatically Collected Technical Data

IP Address: Recorded in server logs for security purposes
Browser Information: Browser type, operating system (for compatibility optimization)
Date and Time of Visit: Timestamp of consultation
Pages Visited: Navigation path on the site

Data NOT Collected

ZEPHYR Intelligence does not collect:

GPS location data or precise geolocation
Biometric or medical data
Credit card numbers or banking data
Genetic data
Information about political or union affiliation

3. Purposes of Processing

Your data is used exclusively for the following purposes:

Purpose 1: Personalized Simulation and Analysis

We use your email and profile (sector, traveler volume) to:

Generate a personalized simulation of your exposure to flight disruptions
Create a customized PDF analysis document
Send you this PDF report by email

Legal Basis: Explicit consent when submitting the form

Purpose 2: Commercial Follow-up and Prospecting

With your consent, we may:

Contact you to propose a travel intelligence solution suited to your profile
Send you commercial information about our B2B services
Invite you to webinars or professional events

Legal Basis: Consent (explicit opt-in checkbox verification)

Purpose 3: Legal Obligations

We may process your data if required by law (court order, government inquiry, etc.).

Legal Basis: Legal obligation

4. Data Retention Period

Data Type	Retention Period	Reason
Simulation data (email, company, profile)	12 months from submission	Commercial follow-up and market analysis
Server logs (IP, pages visited)	30 days	Security and anomaly detection
Data after exercising rights	3 months after request	GDPR compliance
Archived data for legal purposes	Applicable legal period	Accounting/fiscal compliance

Upon expiration of these periods, data is automatically deleted or irreversibly anonymized.

5. Cookies and Trackers

Cookie Policy

No Behavioral Tracking Cookies: This site does not use:

Google Analytics, Matomo, or similar (analytics)
Facebook Pixel, LinkedIn Pixel, or third-party pixels (remarketing)
Session identification cookies (except for authentication if necessary)

Respect for Do Not Track (DNT)

If you have enabled the "Do Not Track" preference in your browser, we respect this preference and do not collect personalized navigation data.

Required Technical Data

To ensure site security and performance, we collect:

Access Logs: IP address, user-agent, timestamp (30-day retention, managed by Render)
Session UUID: Anonymous identifier of your visit (stored in sessionStorage; deleted on browser close)

6. Data Sharing and Disclosure

Internal Sharing

Your data is accessible only to ZEPHYR Intelligence team members who need it to:

Generate and send your simulation report
Manage commercial follow-up
Answer your questions

Transfers to Service Providers

We use the following third-party service providers to process your data:

Service Provider	Service	Data Transferred
Render Services Inc.	Web Hosting	All site data (logs, emails)
Postmark (email proxy)	Transactional Email Sending	Email, report PDF data
Neon (PostgreSQL)	Database	Simulation data

Sale or Transfer of Data

Your data is never:

Sold to third parties
Rented or exchanged
Used for behavioral profiling
Merged with other databases without explicit consent

International Transfers

Some service providers are based outside the EU (United States). We ensure these transfers comply with GDPR through Standard Contractual Clauses or recognized adequacy decisions.

7. Your GDPR Rights

In accordance with the General Data Protection Regulation (GDPR), you have the following rights:

Right of Access (Article 15)

You have the right to access all your personal data held by ZEPHYR Intelligence and obtain a copy in readable format.

Right of Rectification (Article 16)

If your data is inaccurate, outdated, or incomplete, you can request immediate correction.

Right to Erasure (Right to Be Forgotten, Article 17)

You can request complete deletion of your data, unless we have a legal obligation to retain it (e.g., accounting).

Right to Restrict Processing (Article 18)

You can request that we stop processing your data (without deleting it) while we examine your request.

Right to Object (Article 21)

You can object to:

Commercial prospecting (marketing emails)
Processing based on your profile (profiling)

Right to Data Portability (Article 20)

You can request that your data be provided in a structured, commonly used, machine-readable format (e.g., CSV, JSON) to transfer to another service.

Right Not to Be Subject to Automated Decision-Making (Article 22)

You have the right to require human intervention for any decision concerning you made solely on the basis of automated processing.

8. How to Exercise Your Rights

To exercise your GDPR rights:

Email Address: dpo@zephyr-intelligence.com

Mailing Address: 49 Boulevard Marius Vivier Merle, 69003 Lyon Part-Dieu

Response Time: Maximum 30 calendar days (extendable by 60 days for complex requests)

Your request must include:

Your full name
Your email address
The type of right you wish to exercise (access, rectification, deletion, etc.)
A clear description of your request
Proof of identity (copy of ID)

9. Data Security

Security Measures in Place

TLS/SSL Encryption: Data transmission encrypted (HTTPS)
Secure Storage: PostgreSQL database (Neon) with access controls
Authentication: Access limited to ZEPHYR Intelligence team
Security Logging: Monitoring of access and cyberattack attempts
Regular Backups: Automatic data backup

Responsibility in Case of Breach

In the event of unauthorized access or leakage of your personal data, ZEPHYR Intelligence commits to:

Notify you within 72 hours
Notify competent data protection authorities
Provide information necessary for you to take appropriate security measures

10. Changes to This Policy

ZEPHYR Intelligence reserves the right to modify this Privacy Policy at any time. Changes become effective upon publication on the site. If substantial changes are made, we will notify you by email at the address you provided.

Date of Last Update: May 2026

11. Complaint to Supervisory Authority

If you believe that ZEPHYR Intelligence's processing of your personal data violates GDPR, you have the right to lodge a complaint with the competent supervisory authority:

For European Union (GDPR):

Contact the data protection authority in your country. For France:

Commission Nationale de l'Informatique et des Libertés (CNIL)
3 Place de Fontenoy, 75007 Paris, France
Phone: +33 (0)1 53 73 22 22
www.cnil.fr

Note: You may lodge a complaint with the supervisory authority without prejudice to other legal remedies.

Back to Home