1. Preamble
The purpose of this Privacy Policy is to inform users of the website www.wavetropy.com about the conditions under which their personal data may be collected, used, stored, and protected by COMA BERENICES, the publisher of the website and operator of the brand WaveTropy Labs.
This policy applies to anyone browsing the website, using its forms, exchanging with WaveTropy Labs, or accepting the placement of cookies and other trackers.
It is drafted in accordance with the General Data Protection Regulation (GDPR), the French Data Protection Act (Loi Informatique et Libertés), and applicable recommendations of the CNIL (French Data Protection Authority). The CNIL reminds notably that some cookies require prior information and consent before placement, while cookies strictly necessary for the site to function may be exempt from consent.
2. Data Controller
The controller of the personal data collected on the website is:
| Information | Detail |
|---|---|
| Company | COMA BERENICES |
| Brand operated | WaveTropy Labs |
| Legal form | Simplified joint-stock company (SAS) |
| SIREN | 940 217 094 |
| Registered office | 23 rue de la Forge Royale, 75011 Paris, France |
| Website | www.wavetropy.com |
| GDPR Contact | rgpd@wavetropy.com |
| Legal Contact | legal@wavetropy.com |
COMA BERENICES determines the purposes and means of processing carried out as part of the operation of the WaveTropy Labs website.
3. Personal Data Collected
When using the website, WaveTropy Labs may collect several categories of personal data.
| Category of Data | Examples of Concerned Data |
|---|---|
| Identification Data | Last name, first name, company, job title |
| Contact Data | Email address, phone number |
| Professional Data | Name of the organization, business sector, expressed need, type of project |
| Voluntarily Transmitted Data | Message sent via the form, documents or information communicated by the user |
| Technical Data | IP address, browser, terminal type, operating system, pages viewed |
| Cookie-related Data | Consent preferences, cookie identifiers, navigation statistics |
WaveTropy Labs does not ask users to transmit sensitive data under the GDPR, such as data relating to health, political opinions, religious beliefs, trade union membership, or sexual orientation.
If the user voluntarily transmits such information in a free text field, they do so under their sole responsibility. WaveTropy Labs reserves the right to delete this information when it is not necessary to process the request.
4. Methods of Collection
Personal data may be collected when the user:
| Situation | Potentially Collected Data |
|---|---|
| Browses the website | Technical data, cookies, navigation data |
| Accepts or configures cookies | Consent preferences, choices related to trackers |
| Fills in a contact or quote form | Identification data, contact data, project information |
| Checks a consent box | Proof of consent, date, accepted purpose |
| Exchanges via email with WaveTropy Labs | Email address, content of exchanges, documents transmitted |
| Requests the exercise of GDPR rights | Necessary data for processing the request |
Data is collected directly from the user, except for technical data generated automatically during navigation.
5. Purposes of Processing
Collected personal data is used for the following purposes:
| Purpose | Description |
|---|---|
| Managing Incoming Requests | Respond to messages, quote requests, commercial inquiries, or information requests |
| Project Qualification | Understand the expressed need, evaluate feasibility, prepare a commercial proposal |
| Commercial Relationship | Contact the user again, ensure exchange follow-up, suggest adapted services |
| Commercial Prospection | Send information, proposals, or communications relating to WaveTropy Labs services, where permitted |
| Contract Management | Prepare, conclude, or execute a quote, a contract, or a service |
| Website Security | Prevent abuse, intrusion attempts, spams, or fraudulent behavior |
| Audience Measurement | Understand site utilization, improve pages, optimize user experience |
| Cookie Management | Record, modify, and respect user preferences |
| Compliance with Legal Obligations | Answer accounting, tax, administrative, or regulatory obligations |
No personal data is used to make fully automated decisions producing legal effects for the user.
6. Legal Bases
Each processing is based on a legal ground provided for by the GDPR.
| Processing | Legal Basis |
|---|---|
| Responding to a request (form) | Execution of pre-contractual measures or legitimate interest |
| Commercial project qualification | Legitimate interest of WaveTropy Labs in developing its activity |
| Sending a requested commercial proposal | Execution of pre-contractual measures |
| Commercial prospection for individuals | Consent of the user |
| Commercial prospection B2B (professionals) | Legitimate interest, subject to the right to object |
| Placement of non-essential cookies | Consent of the user |
| Strictly necessary cookies | Legitimate interest or technical necessity |
| Website security | Legitimate interest |
| Retention of proof & legal obligations | Legal obligation or legitimate interest |
The CNIL specifies that B2B commercial prospection by email is subject to prior information and requires a clear possibility to object, while B2C prospection generally requires active prior consent.
7. Contact Form and Consent
When a user fills out a form on the WaveTropy Labs website, they may be asked to provide certain personal information necessary to process their request.
| Field | Purpose |
|---|---|
| Full Name | Identify the author of the request |
| Email Address | Respond to the request and continue the exchange |
| Phone | Recontact the user when necessary |
| Company | Understand the professional context of the project |
| Type of Project | Qualify the expressed need |
| Message | Analyze the request and prepare an adapted response |
| Consent Box | Collect the user's agreement for processing their data in a commercial scope |
By validating the form and checking the box provided for this purpose, the user acknowledges accepting that their data will be processed by WaveTropy Labs in order to be recontacted as part of their request, to receive a commercial answer, a service proposal, a quote, or any useful information relative to the submitted project.
Consent can be withdrawn at any time by writing to the following email address: rgpd@wavetropy.com.
Withdrawal of consent does not affect the lawfulness of processing based on consent before its withdrawal.
9. Categories of Cookies Used
Cookies used on the website can fall into the following categories:
| Category of Cookies | Purpose | Consent Required |
|---|---|---|
| Strictly Necessary Cookies | Operation of the site, security, display, session management | No |
| Preference Cookies | Remembering user choices, notably cookie preferences | Case by case |
| Audience Measurement Cookies | Traffic statistics, pages viewed, website performance | Yes, unless an exemption applies |
| Third-party Service Cookies | Possible integration of external content, analytical tools, or embedded services | Yes when required |
| Marketing or Commercial Cookies | Interaction tracking, campaign measurement, commercial personalization | Yes |
No non-essential cookie will be deposited before the user has expressed their consent when consent is required by applicable regulations.
10. Retention Periods
Personal data is stored for a limited period, proportionate to the purpose of processing.
| Category of Data | Indicative Retention Period |
|---|---|
| Simple contact requests | Up to 3 years after the last exchange |
| Commercial prospect data | Up to 3 years after the last active contact or last interaction |
| Client data | Duration of the contractual relationship, then archiving according to applicable legal obligations |
| Quotes, contracts, invoices, and accounting | Applicable legal durations, notably in accounting, tax, or contract matters |
| GDPR rights requests data | Time necessary for processing the request, then limited probationary archiving |
| Cookies and trackers | Duration compliant with applicable CNIL recommendations |
| Proof of consent | Duration necessary to demonstrate consent and comply with legal obligations |
Data is deleted, anonymized, or archived when active retention is no longer necessary.
11. Data Recipients
Collected personal data is intended for authorized persons within WaveTropy Labs and, when necessary, to technical providers or partners acting on behalf of COMA BERENICES.
| Recipient | Role |
|---|---|
| WaveTropy Labs Team | Processing of requests, commercial follow-up, project management |
| Website Host | Technical hosting and security |
| Technical Providers | Maintenance, form tools, e-mailing, analytics, security |
| Administrative or Legal Providers | Accounting, consulting, contractual or litigation management |
| Competent Authorities | Only when legally required |
Providers only have access to data to the extent necessary to perform their mission and must offer appropriate guarantees of confidentiality and security.
12. Hosting and Data Location
The website is hosted by OVH SAS, a French company with its registered office located at 2 rue Kellermann, 59100 Roubaix, France.
Data is, as far as possible, hosted within the European Union or with providers presenting GDPR-compliant guarantees.
In the event of a transfer of data outside the European Union, WaveTropy Labs ensures that appropriate safeguards are in place, in particular by using standard contractual clauses, adequacy decisions, or other mechanisms provided for by applicable regulations.
13. Data Security
WaveTropy Labs implements technical and organizational measures to protect personal data against destruction, loss, alteration, unauthorized disclosure, or unauthorized access.
| Measure | Objective |
|---|---|
| HTTPS Protocol | Secure exchanges between the user and the website |
| Access Control | Limit access to authorized persons only |
| Secure Hosting | Reduce risks of intrusion or data loss |
| Backups | Preserve the availability of necessary information |
| Technical Monitoring | Identify incidents or abnormal behaviors |
| Minimisation Principle | Only collect necessary data |
However, as no computer system can guarantee absolute security, WaveTropy Labs cannot guarantee the total absence of risk associated with the use of the Internet.
14. User Rights
In accordance with the GDPR and the French Data Protection Act, the user has the following rights:
| Right | Description |
|---|---|
| Right of Access | Obtain confirmation that data is processed and receive a copy |
| Right of Rectification | Request the correction of inaccurate or incomplete data |
| Right to Erasure | Request the deletion of certain data |
| Right to Restriction | Request temporary suspension of processing |
| Right to Object | Object to certain processing, notably B2B prospection |
| Right to Portability | Receive data in a structured format where applicable |
| Right to Withdraw Consent | Withdraw at any time a consent previously given |
| Post-mortem Directives | Define instructions regarding your data after death |
To exercise their rights, the user can write to the following address: rgpd@wavetropy.com.
The request must specify the right exercised, the identity of the requester, and the address for sending the answer. When necessary, WaveTropy Labs may request proof of identity to prevent unauthorized disclosure of personal data.
15. CNIL Complaint
If the user believes that their rights are not respected or that the processing of their personal data does not comply with applicable regulations, they can lodge a complaint with the CNIL.
The CNIL is the French supervisory authority responsible for ensuring compliance with personal data protection regulations.
16. Minors
The WaveTropy Labs website is primarily aimed at professionals, companies, project managers, developers, organizations, and users interested in the studio's technological services.
The website does not intend to voluntarily collect data concerning minors.
If a legal representative believes that data relating to a minor has been transmitted to WaveTropy Labs, they can request its deletion at: rgpd@wavetropy.com.
17. Modification of Policy
WaveTropy Labs reserves the right to modify this Privacy Policy at any time to take into account legislative, regulatory, technical, organizational, or functional developments on the site.
The applicable version is the one published on the site at the date of consultation by the user.
Last updated: May 17, 2026 // PRIV_SECURITY_STABLE_v1.0
