The website (hereinafter the “Site”) is the property of HarfangLab, whose registered office is at Tour Campus Cyber, 5-7 rue Bellini, 92800 Puteaux.

E-mail: contact (@) / Publication manager: Mr. Grégoire Germain.‍


This website is hosted by an external service provider (OVH). Personal data collected on this website is stored on the host’s servers. This may include IP addresses, contact requests, metadata and communication data, contractual data, contact details, names, website access and other data generated by a website. The use of the hosting provider is for the purpose of fulfilling the contract with our potential and existing customers (art. 6 al. 1 lit. b GDPR) and in the interest of secure, fast and efficient provision of our online offering by a professional provider (art. 6 al. 1 lit. f GDPR). Our hosting provider will only process your data to the extent necessary to fulfill its performance obligations and will follow our instructions with regard to this data.


HarfangLab may, at any time and without notice, make improvements or changes to the products, programs or services presented on this site. Any total or partial reproduction, representation, modification, publication, transmission or distortion of the site or its content, by any process whatsoever, and on any medium whatsoever, is prohibited. Any unauthorized use of the site or its content, or of the information disclosed therein, will incur the user’s liability and constitute an infringement punishable under articles L 335-2 et seq. of the French Intellectual Property Code. The same applies to any databases appearing on the Site, which are protected by the provisions of the July 1, 1998 law transposing the European Directive of March 11, 1996 on the legal protection of databases into the Intellectual Property Code. As such, any reproduction or extraction will incur the user’s liability.

It is possible that the site gives access to other sites via hypertext links. As HarfangLab does not manage these sites, it has no control over their content. Consequently,supplier cannot under any circumstances be held responsible for the content of sites accessed in this way, or for any collection and transmission of personal data, installation of cookies or any other process designed to achieve the same ends, carried out by these sites.


HarfangLab takes the protection of your personal data very seriously. We treat your personal data confidentially and in accordance with the legal provisions on data protection and the following privacy policy.

1. Preamble and purpose

HarfangLab, as part of its business as a supplier EDR (Endpoint Detection and Response), is required to process the personal data of its contacts with its customers (the ” Customers “), prospects (the ” Prospects “) and service providers and suppliers (the ” Suppliers “), as well as those of Internet users who access its showcase website (the ” Internet Users “) (together, the ” Data Subjects “).

HarfangLab undertakes to process the personal data of Data Subjects in compliance with the applicable regulations, i.e. by date Regulation No. 2016/679 (EU) of April 27, 2016 known as the General Data Protection Regulation (“GDPR”), the French Data Protection Act of January 6, 1978 in its updated version (“LIL”) (the ” Applicable Regulations “).

In this respect, HarfangLab undertakes to respect its obligation of transparency and information towards Data Subjects by making this privacy policy available to them, the purpose of which is to inform them of the characteristics of the processing of personal data implemented by HarfangLab as part of the management of its relations with its customers, prospects and suppliers.

2. Definitions

Terms beginning with a capital letter are either defined herein or have the meaning given to them by the applicable Regulations, and in particular the RGPD, such as in particular the terms “Personal Data”, “Processing”, “Data Subjects”, “Controller”, “Subcontractor”, “Recipient” or “Data Breach”.

3. Identity of the data controller

HarfangLab, a société par actions simplifiée (simplified joint stock company) registered in the Paris Trade and Companies Register under number 839 045 697, whose registered office is at Tour Campus Cyber, 5-7 rue Bellini, 92800 Puteaux, acts as Data Controller for the processing of Data Subjects’ data implemented as part of the management of its relations with its customers, prospects and suppliers.

4. Recipients of Personal Data

HarfangLab may communicate the Personal Data of Data Subjects to Authorized Recipients subject to an appropriate obligation of confidentiality, which may be internal or external as appropriate:

  • Internal recipients are all members of HarfangLab’s staff whose duties, functions and missions justify that they process the Personal Data of Data Subjects (customer service, sales department, accounting department, etc.) for the sole purposes set forth in this Privacy Policy and within the framework of the technical and organizational measures implemented by HarfangLab to preserve the confidentiality and security of Personal Data detailed below;
  • External recipients are :
    • Any service providers or subcontractors that HarfangLab may use to manage relations with Data Subjects (e.g. website hosting provider for Internet users);
    • Entities responsible for HarfangLab’s consulting, auditing and financial control (statutory auditor, lawyer);
    • The administrative or judicial authorities within the framework of their attributions or any person authorized to meet a legal obligation to which Harfang is subject.

5. Rights of Persons Concerned

Statement of rights

In accordance with applicable regulations, Data Subjects have the following rights with respect to their personal data:

  • A right to request confirmation from HarfangLab that data concerning them is being processed, to obtain information on the characteristics of such Processing, to access such data and to request a copy thereof (right of access and copy);
  • A right to rectify or complete any data concerning them that is erroneous or obsolete (right of rectification);
  • A right to withdraw their consent at any time, provided that the Processing concerned is exclusively founded on this legal basis (right to withdraw consent);
  • A right to object to the Processing of their Personal Data implemented for prospecting purposes, in which case HarfangLab will comply with this request and will no longer process the data of the Person Concerned in order to send the Customer or Prospect commercial prospecting messages, but their Data may be retained if it is a Customer in a commercial relationship with HarfangLab otherwise (right to object to commercial prospecting and right to erasure where appropriate);
  • A right to obtain the limitation of Processing temporarily in the event of a request for rectification or opposition that HarfangLab analyses the request, which in practice means that the Personal Data is retained, but HarfangLab cannot process it (right to limitation) ;
  • A right to Data portability, i.e. a right to obtain from HarfangLab the restitution of the Personal Data they have communicated in a format of common use whenever the Processing is automated and based on consent or on the performance of a contract;
  • A right to formulate instructions concerning the Processing of their data after their death and to request HarfangLab to retain, delete or communicate their data to an expressly designated third party, it being specified that once HarfangLab becomes aware of the death of a Data Subject and in the absence of instructions from them, it undertakes to destroy their Personal Data, unless their retention proves necessary for evidential purposes or to meet a legal obligation (post mortem right).

How to exercise your rights

If the Data Subject wishes to exercise any of the aforementioned rights, he or she may contact HarfangLab by mail at the following address: HarfangLab, 5, rue Feydeau, 75002 Paris or by email at the following address: dpo (@)

The Concerned Party’s request must originate exclusively from the Concerned Party (unless a mandate has been duly given to a third party) and must be as clear and exhaustive as possible in order to enable HarfangLab to respond as quickly as possible, within one to three months depending on the level of complexity of the request.

HarfangLab may ask the Person Concerned to complete his or her request if it is not sufficiently precise, if the right he or she wishes to exercise is not easily identifiable or if he or she is unable to establish his or her identity, in which case HarfangLab may ask him or her to provide additional information and, in particular, proof of identity, which would be deleted after verification of his or her identity.

In addition, HarfangLab shall not be obliged to respond to the Data Subject’s request if it is manifestly unfounded or excessive, and in particular if it formulates requests that are repSMBtive or too complex to process and that would have the purpose or effect of destabilizing HarfangLab’s activities.

6. Security

HarfangLab implements the technical and organizational security measures it deems appropriate to preserve the confidentiality and security of the Personal Data it processes and to prevent their unauthorized destruction, loss, alteration or disclosure.

By way of example, the following measures have been implemented by HarfangLab and are documented in an information system security policy:

  • Hosting of Personal Data on servers located within the European Union on the soil of a member country;
  • Raising employee awareness, in particular through a Charter on the use of company data and IT resources;
  • User authentication systems with personal, secure access via robust, confidential and frequently changed user IDs and passwords;
  • Authorization management procedure (definition and review of authorization profiles according to employee profiles, delSMBon of obsolete accesses);
  • Access tracing, connection logging, incident management and, where applicable, encryption of certain Personal Data;
  • Regular internal audits and, where necessary, differentiated penetration tests to monitor and evaluate the effectiveness of security measures in place;
  • Physical security of premises (codes, keys and access badges).

When HarfangLab uses subcontractors, i.e. service providers to whom it has delegated all or part of a Processing operation and who process the Personal Data of Data Subjects in accordance with its instructions, HarfangLab undertakes to contractually impose on them security guarantees similar to those it implements to protect their Personal Data and reserves the right to audit them to ensure compliance with their obligations.

In the event of a Data Breach, HarfangLab undertakes to notify the CNIL under the conditions prescribed by the RGPD and, if the said breach poses a high risk to the Data Subjects, to notify them and to provide them with the necessary information and recommendations, where appropriate.

7. Updating this policy

HarfangLab may modify, supplement or update this policy at any time to take account of changes in legislation, regulations and/or case law, changes in the characteristics of the Processing or the implementation of a new Processing. Any new version of this policy will be brought to the attention of Data Subjects by any means HarfangLab chooses.

8. Contacts

Concerned Individuals may direct any questions, complaints, recommendations or comments regarding this policy to HarfangLab in writing at the following address:

By post: HarfangLab, 5, rue Feydeau, 75002 Paris

By email: dpo (@) / security (@)

Data Subjects may also contact CNIL with any questions or complaints they may have at the following address: Service des plaintes de la CNIL, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07 or by telephone at or online on the CNIL website.