Back to Home
FR EN

Privacy Policy (GDPR)

A18G SaaS Platform by Marval

Last Updated: 27 février 2026

Article 1 – Preamble and Commitments

MARVAL is committed to protecting the privacy of its users and processing their personal data in compliance with Regulation (EU) 2016/679 of April 27, 2016 (GDPR) and the amended French Data Protection Act of January 6, 1978.

This policy describes how MARVAL collects, uses, stores, and protects personal data in connection with the provision of the Service. It applies to all processing carried out by MARVAL as a data controller or data processor.

Article 2 – Data Controller

The controller for the personal data of Clients and Users is:

  • MARVAL – SARL with a capital of €1,000
  • Registered Office: 3 rue des vignes – 75016 Paris, France
  • RCS: 944 029 180 Paris
  • Email: contact@a18g.com
  • Data Protection Officer (DPO): C.A. Morand

Article 3 – Data Collected and Purposes

3.1 Data Collected

As part of providing the Service, MARVAL processes the following categories of data:

  • Identification Data: last name, first name, professional email address, phone number;
  • Connection & Usage Data: IP address, connection logs, browsing data, user preferences;
  • Contractual & Billing Data: billing details, order history;
  • Business Data: any data entered or imported by the Client while using the Service.

3.2 Purposes and Legal Bases

The processing carried out by MARVAL pursues the following purposes:

  • Contract Performance (Art. 6.1.b GDPR): provision, management, and improvement of the Service; access management; technical support.
  • Legal Obligation (Art. 6.1.c GDPR): billing, accounting, and tax obligations; compliance with legal injunctions.
  • Legitimate Interest (Art. 6.1.f GDPR): security and maintenance of the Service; fraud prevention; anonymized usage statistics.
  • Consent (Art. 6.1.a GDPR): sending marketing communications and newsletters (revocable at any time).

Article 4 – Retention Periods

Personal data is kept only for the time necessary for the intended purposes:

  • Active Account Data: duration of the contractual relationship.
  • Data after Termination: 30 days to allow for export, followed by permanent deletion; contractual data is kept for 5 years for evidentiary purposes.
  • Connection Logs: 12 months in accordance with applicable regulations.
  • Billing Data: 10 years in compliance with accounting obligations.
  • Prospecting Data: 3 years from the last contact.

Article 5 – Data Recipients & Transfers

MARVAL may entrust certain processing activities to carefully selected sub-processors, bound by GDPR-compliant contractual clauses (e.g., EU hosting providers, PCI-DSS certified payment processors, ticketing tools). These sub-processors act strictly under MARVAL's instructions.

In the event of data transfers outside the European Economic Area (EEA), MARVAL ensures that appropriate safeguards are implemented, in particular through standard contractual clauses adopted by the European Commission, or to countries benefiting from an adequacy decision.

Article 6 – Data Security

MARVAL implements appropriate technical and organizational measures to ensure the security, confidentiality, and integrity of personal data, including:

  • Data encryption in transit (TLS/SSL) and at rest;
  • Strict role-based access control and authentication;
  • Access logging and anomaly detection;
  • Regular backups and disaster recovery planning;
  • Staff awareness and GDPR training.

In the event of a data breach likely to result in a risk to the rights and freedoms of data subjects, MARVAL undertakes to notify the CNIL within 72 hours and inform the affected individuals if necessary.

Article 7 – Rights of Data Subjects

In accordance with the GDPR, data subjects have the following rights regarding their data:

  • Right of Access (Art. 15): obtain confirmation of processing and a copy of the data;
  • Right to Rectification (Art. 16): correct inaccurate or incomplete data;
  • Right to Erasure (Art. 17): request data deletion, subject to legal retention obligations;
  • Right to Restriction (Art. 18): request processing limitation in certain circumstances;
  • Right to Data Portability (Art. 20): receive data in a structured, machine-readable format;
  • Right to Object (Art. 21): object to certain processing, specifically for direct marketing;
  • Right to Withdraw Consent: at any time, without affecting the lawfulness of prior processing.

To exercise these rights, individuals can send their request to dpo@marval.fr or by mail to the registered office. MARVAL undertakes to respond within one month. In case of an unsatisfactory response, individuals may file a complaint with the CNIL (www.cnil.fr).

Article 8 to 11 – Cookies, Data Processing Agreement & Contact

8. Cookies: The Service uses strictly necessary cookies (no consent required) and analytical/personalization cookies (subject to prior consent via the cookie banner).

9. MARVAL as a Data Processor: When the Client uses the Service to process personal data of their own clients or employees, MARVAL acts as a data processor (Art. 28 GDPR). MARVAL acts only on the Client's documented instructions. A Data Processing Agreement (DPA) can be concluded upon request.

10. Policy Modifications: MARVAL reserves the right to modify this policy. Any substantial modification will be notified to the Client at least 15 days before it takes effect.

11. Contact: For any questions regarding data protection, please contact contact@a18g.com or our DPO at the same address.

Contact Support