Get in touch
Legal

Privacy Policy

Thalafaro Consulting respects your privacy and is committed to handling personal data with care, proportion, and transparency. This policy explains what information we collect when you visit our site or engage with us, why we collect it, how we use it, and the rights you hold over it.

Last updated, 5 May 2026

01 Who we are

"Thalafaro Consulting" (also "Thalafaro", "we", "us", "our") is the controller of personal data collected through the Thalafaro Consulting website (the "Site") within the meaning of the EU General Data Protection Regulation (GDPR) and the French Data Protection Act.

For questions about this policy or about how we handle personal data, please contact us at hello@thalafaro-consulting.com.

02 What we collect

We try to collect as little personal data as possible, only what is needed to engage with you in good faith.

  • Information you provide. When you contact us through the Site, write to us by email, subscribe to updates, or apply for a role, you may share your name, organization, email address, phone number, and the content of your message or application.
  • Technical information. When you visit the Site, our hosting provider and analytics tools may automatically log standard technical data, IP address, browser type and version, device type, the pages you view, the date and time of your visit, and the referring page or search term.
  • Cookies and similar technologies. See section 04 for details.

03 Why we use it

We process personal data only where we have a clear lawful basis to do so under GDPR Article 6:

  • Legitimate interests, to respond to enquiries, maintain a record of correspondence, evaluate applications for engagements or roles, and operate and secure the Site.
  • Consent, for non-essential cookies and for any optional communications (e.g. newsletters), where you have opted in. You may withdraw consent at any time.
  • Legal obligation, where the law requires us to retain or disclose information (e.g. tax records, regulatory requests).
  • Performance of a contract, where you are a counterparty or representative of a counterparty to an engagement letter or other agreement with us.

We do not sell personal data, and we do not use it for advertising or profiling.

04 Cookies and similar technologies

The Site uses a small number of cookies and equivalent technologies. We group them as follows:

  • Strictly necessary, required for the Site to function (e.g. session, security, accessibility preferences). These do not require consent.
  • Analytics, used to understand which pages are read, how visitors arrive, and how the Site performs. We use only privacy-respecting analytics that aggregate data and do not build individual profiles. These cookies are set only with your consent.

You can withdraw analytics consent at any time through your browser settings. Most browsers also let you block, delete, or be alerted to cookies altogether, though doing so may affect parts of the Site.

05 Sharing with third parties

We do not sell, rent, or trade personal data. We share it only where strictly necessary, and only with parties that handle it under appropriate contractual safeguards. The categories include:

  • Service providers processing data on our behalf, for example our hosting provider, email service, and analytics provider. These act as data processors under our instructions.
  • Professional advisors, such as auditors, legal counsel, and insurers, where their advice or oversight requires it.
  • Authorities, where we are required to disclose information by law, regulation, or a binding order from a competent authority.
  • In case of corporate change, in the event of a merger, acquisition, or restructuring, personal data may be transferred under equivalent protections.

06 International transfers

Thalafaro Consulting works internationally, and some of our service providers may process data outside the European Economic Area. Where this is the case, we ensure transfers are protected by an adequacy decision of the European Commission, by Standard Contractual Clauses, or by another lawful transfer mechanism under GDPR Chapter V.

07 How long we keep it

We retain personal data only as long as needed for the purpose for which it was collected, plus any period required by law. As a guide:

  • Email correspondence and contact-form submissions: up to 36 months from the last interaction, unless an active engagement requires longer.
  • Engagement records and contractual documents: 10 years after the end of the engagement, in line with French commercial-law retention obligations.
  • Job applications: up to 24 months after the close of the role, unless you ask us to delete the file sooner.
  • Analytics data: aggregated; individual session data is retained no longer than 14 months.

08 Your rights

Under GDPR and French data-protection law, you have the right to:

  • Access the personal data we hold about you, and receive a copy.
  • Rectify data that is inaccurate or incomplete.
  • Erase data, where one of the GDPR grounds applies.
  • Restrict or object to certain processing, including processing based on legitimate interests.
  • Withdraw consent at any time, where processing is based on consent.
  • Receive your data in a portable, machine-readable format.
  • Lodge a complaint with the French data-protection authority, the CNIL, or another competent supervisory authority.

To exercise any of these rights, write to hello@thalafaro-consulting.com. We will respond within one month, in line with GDPR Article 12.

09 Security

We apply technical and organizational measures appropriate to the sensitivity of the data we process, encrypted transport (TLS), access controls, secure storage, and the principle of least privilege. No method of transmission or storage is perfectly secure, but we work to keep risk as low as is reasonable.

10 Children

The Site is not directed at children under 16, and we do not knowingly collect personal data from them. If you believe a child has shared data with us, please contact us and we will delete it.

11 Changes to this policy

We may update this policy as our practices evolve, as the Site changes, or as the law changes. The "Last updated" date at the top of the page reflects the most recent revision. For significant changes we will post a clear notice on the Site.

12 Contact

For privacy questions, requests under section 08, or to flag a concern, write to hello@thalafaro-consulting.com. We aim to respond within five business days for general questions, and within one month for formal rights requests.