About

Privacy Policy

Last update: 11/05/2026

Data Controller

ERYON SAS, a simplified joint-stock company registered with the RCS of Lille Métropole under the number 941078594, with its head office located at 41 rue Jacquemars Giélée, 59800 Lille, FRANCE, represented by Monsieur Hugo MOBIHAN, Président.

Data Protection Commitment

At ERYON, the protection of your personal data is at the heart of our concerns. As a French company developing sovereign solutions for the health sector, we commit to:

  • Strictly respect GDPR and French legislation
  • Host all data in France
  • Never transfer your data outside the European Union
  • Ensure the security and confidentiality of your information

Collected Data

When you reach out directly (email, phone)

  • First and last name
  • Professional email address
  • Company name
  • Position
  • Content of your message or request

Via the use of our services (EryonAgence)

  • Documents submitted for review (without personal health data)
  • Connection and usage data
  • Interaction history

Server-side technical logs

Our site embeds no client-side analytics tool (Google Analytics, Matomo, etc.) and no tracking cookie. Our web server (Nginx) does however keep standard technical logs — IP address, user agent (browser), URL visited, date/time, response code — for security purposes (intrusion detection, fraud prevention) and technical diagnostic. These logs are retained for 90 days then automatically deleted.

Purpose of Processing

Your data is collected for:

  • Responding to your contact and information requests
  • Providing our medical and regulatory review services
  • Ensuring the follow-up of the business relationship
  • Complying with our legal and regulatory obligations
  • Improving our services

Legal Basis

The processing of your data is based on:

  • Your consent (direct contact, booking a meeting)
  • Contract execution (use of our services)
  • Our legitimate interest (service improvement)
  • Compliance with legal obligations

Data Recipients

Your personal data is strictly confidential and is only accessible to:

  • Authorized internal teams of ERYON
  • Our technical subcontractors (hosting) subject to confidentiality obligations
  • HubSpot, Inc. (European datacenter, Germany): CRM and booking system (see dedicated section above)
  • Brevo (France): sending our transactional and commercial emails
  • 3DS Outscale (France): sovereign host qualified SecNumCloud 3.2 / ANSSI

We never sell, rent, or share your data with third parties for commercial purposes.

Data Retention

  • Contact data: 3 years after the last contact
  • Client documents: Immediate deletion after delivery of the review report
  • Contractual data: Legal accounting retention period (10 years)
  • Server-side technical logs: 90 days

Security

We implement appropriate technical and organizational measures:

  • Data encryption in transit (TLS 1.2+)
  • Data encryption at rest (AES-256)
  • Restricted access to data
  • Regular security audits
  • Staff training in data protection

Your Rights

In accordance with GDPR, you have the following rights:

  • Right of access: obtain confirmation of processing and a copy of your data
  • Right to rectification: correct inaccurate data
  • Right to erasure: request the deletion of your data
  • Right to restriction: limit processing in certain cases
  • Right to portability: receive your data in a structured format
  • Right to object: object to processing
  • Right to withdraw your consent at any time

To exercise these rights, contact us at: contact@eryon.eu

HubSpot platform (CRM and booking system)

Eryon uses HubSpot as its customer relationship management system (CRM). HubSpot, Inc. is the sole operator of this platform; its European servers are located in Germany (Frankfurt). Our Contact page also embeds a booking widget (HubSpot Meetings) that automatically feeds the CRM upon reservation.

Data stored in HubSpot

  • Identity: first name, last name
  • Contact details: email address, phone (if provided)
  • Professional context: company, role, industry (if provided)
  • Interaction history: meetings booked, conversations, internal commercial notes

Purpose

Eryon's commercial relationship management: initial contact, scheduling, opportunity tracking, interaction memory. No business review document is stored in HubSpot; only commercial contact data is.

Legal basis

Performance of pre-contractual measures taken at your request (Article 6.1.b GDPR) and Eryon's legitimate interest in maintaining a documented commercial relationship (Article 6.1.f).

Hosting and transfers

Your data is stored in HubSpot's European datacenter (Germany). HubSpot being a US company (HubSpot, Inc.), a transfer to the United States may remain technically possible for support and operational purposes. Such transfers are framed by the Standard Contractual Clauses adopted by the European Commission and by HubSpot's certification under the EU-US Data Privacy Framework.

Retention

Your data stays in our HubSpot CRM for the duration needed to manage the commercial relationship: 3 years maximum after the last active contact. After that period, data is deleted or archived in anonymous form.

Alternative

If you do not wish your data to go through HubSpot, you may contact us directly by email at %company_mail% or by phone. State your preference and we will handle your request outside the CRM.

HubSpot's policy

For more information on HubSpot's practices, see their privacy policy: legal.hubspot.com/fr/privacy-policy

Health Data

Important: ERYON does not process ANY personal health data. Documents submitted to our service must be previously anonymized. We do not collect, store, or process information that could identify patients.

International Transfers

In line with our sovereignty commitment, no business data (client documents, files to be reviewed, deliverables) is transferred outside France or the European Union. Booking data via HubSpot Meetings is hosted in HubSpot's European datacenter (Germany); a residual transfer to the United States may remain possible for operational purposes, framed by the Standard Contractual Clauses and the EU-US Data Privacy Framework (see dedicated section above).

Modifications

We reserve the right to modify this privacy policy. Any changes will be published on this page with the update date indicated.

Contact and Complaints

For any questions regarding this policy or your personal data:

  • Email: contact@eryon.eu
  • Mail: Eryon — Data Protection — 41 rue Jacquemars Giélée, 59800 Lille, FRANCE

In case of difficulties, you can also file a complaint with the CNIL: Commission Nationale de l'Informatique et des Libertés 3 Place de Fontenoy - TSA 80715 - 75334 PARIS CEDEX 07 https://cnil.fr/fr