GDPR compliance

1. Our commitment

We apply GDPR principles at every step of our activity:

• Lawfulness, fairness, transparency: we explain clearly what we do with data
• Purpose limitation: data is used only for the purposes described
• Data minimisation: we collect only what is strictly necessary
• Accuracy: you can correct your data at any time
• Storage limitation: data is not retained longer than necessary
• Integrity and confidentiality: encryption, controlled access, regular audits
• Accountability: we document all our decisions and maintain a record of processing activities

2. Your rights

You have the following rights over your personal data:

Right of access

Obtain confirmation that data concerning you is (or is not) being processed, and obtain a complete copy.

Right of rectification

Have any inaccurate or incomplete data corrected. Most fields are editable directly in your account.

Right to erasure ("right to be forgotten")

Request deletion of your data when no longer necessary, when you withdraw consent, or if processing is unlawful. Some data may be retained to comply with a legal obligation (e.g. invoices for 10 years).

Right to restriction

Request a temporary freeze on a contested processing while accuracy is verified.

Right to data portability

Retrieve your data in a structured, commonly used, machine-readable format (CSV, JSON) to transfer it to another service.

Right to object

Object to processing based on legitimate interest, or to any direct marketing (objection to marketing is unconditional).

Automated decisions

invico uses AI to generate quotes, but these decisions have no legal effect on you: you remain in control of the final quote, which you can review, edit or reject before sending.

3. How to exercise your rights

Most actions are available directly from your account (export, deletion, modification). For other requests:

• Email: tomwallyntel@gmail.com (subject: "GDPR request")
• Mail: DPO postal address

We respond within one month, extendable by two months for complex requests (you will be informed of the reason). An identity check may be required if we have a reasonable doubt.

This is free of charge, except for manifestly unfounded or excessive requests (notably repetitive ones).

4. Data Protection Officer

Our Data Protection Officer (DPO) is:

DPO name or external firm
Email: tomwallyntel@gmail.com (subject: "DPO")

5. Subprocessors and transfers

A detailed list of subprocessors and the legal bases for any transfers outside the EU is in the privacy policy.

We favour European providers whenever possible. When a subprocessor is located outside the EU, we rely on Standard Contractual Clauses approved by the European Commission and on the Data Privacy Framework where applicable.

6. Complaint to the supervisory authority

If you believe your rights are not being respected, you may file a complaint with the French data protection authority (CNIL):

• Website: cnil.fr/en/plaints
• Address: 3 Place de Fontenoy, 75007 Paris, France
• Phone: +33 1 53 73 22 22

If you live in another EU country, you may also contact the supervisory authority of your country.

7. AI model transparency

invico uses artificial intelligence models (voice transcription, quote generation). These models are provided by third-party vendors: OpenAI, Anthropic or other.

Data sent to the models is not used to train them — we systematically enable the "no training" / "zero data retention" options when available. Voice files and transcriptions are deleted on the vendor side after a short period (typically 30 days).