Privacy policy

Last update: May 28, 2026

Bodic SAS attaches great importance to the protection of your personal data. This policy explains what data we collect, why we process it, who we share it with and what your rights are, in accordance with the General Data Protection Regulation (GDPR) and the French Data Protection Act.

1. Data controller

The data controller is BODIC SAS, registered in the Bordeaux Trade and Companies Register, with its registered office in France.

Contact: contact@bodic.fr

Data Protection Officer (DPO): dpo@bodic.fr

2. Data we collect

We only collect data necessary for the services we provide:

  • Identity data: first name, last name, job title, company (when submitting a contact request, registering for Bodic Connect or for training).
  • Contact data: email address, phone number (optional), postal address (where applicable for billing).
  • Account data: login, hashed password, language preferences, login history, Bodic Connect account settings.
  • Technical usage data: IP address, browser type, pages visited, visit duration, video and podcast playback events. The recording of your IP address and browsing journey for audience measurement purposes is conditional on your explicit consent via the cookie banner. Without consent, no analytics cookie is set and no IP is kept.
  • Billing data: accounting items related to the purchase of training or your Bodic Connect subscription (payment data is processed by our payment provider, we never store your bank details).

3. Processing purposes

We use your data to:

  • Provide and administer Bodic services (Apps, Advisory, Learning, Connect).
  • Respond to your requests sent via the contact form or by email.
  • Send you our newsletters and professional communications (only if you have consented).
  • Manage billing, electronic signature of contracts and commercial follow-up.
  • Measure site usage and improve our content and services — only with your explicit consent via the cookie banner.

4. Legal basis for processing

  • Performance of a contract: to provide the services you have subscribed to (Bodic Connect, Learning, Advisory).
  • Consent: for sending newsletters and using non-strictly-necessary cookies.
  • Legitimate interest: for site security, fraud prevention and service improvement.
  • Legal obligation: for invoice retention and accounting compliance.

5. Recipients and processors

We never sell your data. We only share it with processors strictly necessary for the performance of our services, governed by GDPR-compliant contracts:

  • OVHcloud — website hosting and content storage (S3). (European Union)
  • Brevo — newsletter sending and subscription management. (European Union)
  • Yousign — electronic signature of client contracts. (European Union)
  • DeepL — automatic translation of multilingual content. (European Union)
  • PayPal — payment processing for Bodic Learning training only. (USA, governed by the EU–US Data Privacy Framework)

We may be required to transmit your data to judicial or administrative authorities upon legal request.

6. Retention periods

  • Contact requests: kept for 3 years after the last exchange for commercial follow-up purposes.
  • Bodic Connect accounts: kept as long as the account is active. Deleted or anonymised 3 years after the last login.
  • Newsletter subscription: kept until you unsubscribe or after 3 years without interaction.
  • Invoices and accounting data: kept for 10 years, in accordance with French accounting and tax obligations.
  • Technical and security logs: kept for a maximum of 12 months.

7. Transfers outside the European Union

Your data is hosted and processed within the European Union. When an occasional transfer outside the EU is necessary (e.g. via certain US processors such as PayPal), it is governed by the EU–US Data Privacy Framework or by standard contractual clauses adopted by the European Commission.

8. Your rights

In accordance with the GDPR, you have the following rights over your personal data:

  • Right of access: obtain a copy of the data we hold about you.
  • Right to rectification: correct or complete inaccurate data.
  • Right to erasure: request the deletion of your data, within the limits of our legal obligations.
  • Right to restriction: temporarily restrict the processing of your data.
  • Right to portability: retrieve your data in a structured, machine-readable format.
  • Right to object: object to processing based on legitimate interest or to direct marketing.
  • Right to lodge a complaint: file a complaint with the CNIL (French data protection authority), www.cnil.fr.

To exercise these rights, write to us at dpo@bodic.fr.

9. Cookies

We use a limited number of cookies. The first three (session, preferences, security) are strictly necessary for the proper functioning of the site. The fourth (audience measurement) is subject to your explicit consent via the banner displayed on your first visit:

  • Session cookies: maintaining your Bodic Connect login (deleted upon logout).
  • Preference cookies: storing your preferred language (duration 1 year).
  • Security cookies: CSRF anti-forgery token (session duration).
  • Audience measurement cookies: recording your visit (IP address, pages visited, duration) for internal statistical purposes — only set if you click "Accept" in the cookie banner. If you decline, no recording is made.

We do not use any advertising cookies or third-party behavioural tracking tools, and we never share any data for advertising purposes.

10. Security

We implement appropriate technical and organisational measures to protect your data: systematic HTTPS, password hashing, restricted access, logging of sensitive actions, regular backups and internal audits.

11. Changes to this policy

This policy may be updated at any time to reflect changes in our services or regulations. The date of the last update appears at the top of this page. In the event of substantial changes, we will inform you by email or via a banner on the site.