Stormshield SAS (also known as “Stormshield”, or “we” or “our”) appreciates your interest in our products, services and business sectors and your use of our websites, portals and “applications”. Your privacy is important to us and we want you to feel comfortable using our websites. The protection of your privacy and your personal data is an important concern to which we pay particular attention throughout our business processes. Personal data collected when using our encryption service for Google Workspace, also called SDS encryption service for Google Workspace or Stormshield Data Security encryption service for Google Workspace, are processed by us, in accordance with the legal regulations in the European Union.


Stormshield is committed to protecting the rights of individuals in accordance with the General Data Protection Regulation (reference EU2016/679) of the European Parliament and of the Council of April 27, 2016 relating to the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter referred to as: “GDPR”) as well as each of the national laws and regulations applicable to the protection of personal data (collectively referred to as “Data protection laws and regulations”).

This privacy notice will inform you of the personal data we collect when you complete the test form; when you access/use the service; how we use and disclose your data; how you can control the use and disclosure of your data; and how we protect your personal data.


What is personal data?

Personal data is information that can be used to identify a person directly or indirectly (hereinafter referred to as: "personal data". A "personal identifier" is information that can identify a person. This definition covers a wide range, personal identifiers can consist of personal data including name, address, email address, identification number, location data or online identifier.


What sources and what personal data do we use?

In the context of our contractual or commercial relationship, or in the context of access to and use of the Stormshield Site(s), we collect, use and process the Personal Data you provide where relevant, which may include the following categories of data:

  • Identification data: surname, first name, contact details (job title and function, professional telephone number, name of employer);
  • Professional data: email address, telephone number, company name, company address, company size;
  • Location data: country, city;
  • Computer data: IP address, log activities, user agent (browser fingerprint), date and duration of your visit to our sites, the pages you consult.


What are the purposes of the processing your Personal Data?

By using our Service, Stormshield collects and processes your Personal Data in accordance with this Privacy Policy. Your Personal Data may be used for the following purposes (hereinafter referred to as: the “Purposes”):

  1. Website Browsers / Administration

We use your personal data for administrative purposes, including to help us better understand how our customers access and use our websites and applications; to provide reports to potential partners, service providers, regulators and others; to implement and maintain security, anti-piracy, fraud prevention, and other services designed to protect our customers, partners, and us; and to enforce our policies, guidelines and processes.

  1. Marketing

To the extent permitted by law, we may use your personal data for marketing and promotional purposes, including communications by email or other equivalent electronic means. For example, we use your personal data to send you news and newsletters, special offers, promotions and competitions or to contact you in order to inform you of our services or to send you information which we believe may of interest to you.

  1. Communications

We use your personal data to communicate with you. We may communicate with you in a variety of ways, including by email and through your social media accounts if you have consented, and/or by text message.

  1. Customer service

We use your personal data for customer service purposes, including to provide you with services, for technical support or other similar purposes and to provide you with tailored and personalized content and information based on your Stormshield product purchases; provide you with new updates; monitor the registration of your products; generate statistics on the deployment and use of our solutions...

  1. Research and development

We use your personal data for research and development purposes, including improving our websites, applications, services and customer experience and for other research and analytical purposes dedicated to improving our products and services.

  1. Legal compliance

We use your personal data to comply with applicable legal obligations, including to respond to an authority or court order or discovery request.

  1. To protect ourselves and others

When we deem it necessary to investigate, prevent or take action in relation to illegal activities, suspected fraud, a situation involving potential threats to the safety of persons, or breaches of regulations, guidelines and other procedures.

What is the legal basis for processing your personal data?

As a responsible company, we need a legal basis to collect and/or process your data. We generally rely on a number of grounds (reasons) for our business processing.

We process your personal data in accordance with the provisions set out in the GDPR and applicable data protection laws and regulations. The legal basis for the processing of your Personal Data is:

  1. Comply with contractual obligations

When you subscribe to a particular service through the Website, the purposes of processing your personal data are primarily determined by that service and we will process your information in order to be able to provide that service to you.

  1. Following your consent

Where you consent to the processing of your personal data by us for the service, you may withdraw this consent at any time by contacting us at the following address: For more information on your right of withdrawal, please see below the chapter "Am I obliged to provide my personal data?"

  1. Within the framework of a legitimate interest

In some cases, we may not need your consent to use your data, given our legitimate interest in doing so, but we must inform you of this; by way of example, this is particularly the case:

  • For the administration, management and performance of our business relationship, including accounting, auditing, contract performance.
  • For analysis and improvement of the website.
  • To ensure IT security (to detect security threats, fraud or other malicious or criminal activities) and the IT operation of Stormshield.
  • For the prevention and investigation of criminal acts.
  • To ensure effective communication and to keep you informed of the latest information on our services, solutions and/or commercial activities, events, marketing campaigns, market analysis or other promotional activities and to analyze and improve the quality of our services and communication with you.
  • To monitor compliance with our policies and standards.
  1. On the basis of Stormshield's legal obligations or in the general interest

Stormshield, like any other company, is subject to legal and regulatory obligations. In some cases, the processing of your Personal Data will be necessary for Stormshield to fulfill these obligations.


Who will receive your Personal Data?

  • Authorized persons working for or on behalf of Stormshield;
  • Stormshield, on a need-to-know basis, for the purposes described in this Privacy Policy;
  • Our agents, service providers (e.g. third party service providers supplying the variety of products and services we require, such as IT maintenance and support, provisioning services, logistics services, etc.) ;
  • Law enforcement or government authorities as necessary to comply with applicable law.
  • If you access our Services from a third-party application or connect our Services to a third-party application, you should also read that third-party application's Terms of Service and Privacy Policy.
  • If you are unsure about what information a Third Party Application shares with us, please visit the Third Party Application to learn more about its privacy practices.


Will your personal data be transferred to a third country outside the European Economic Area (EEA)?

Stormshield processes your Personal Data in the EEA.


To which countries will Stormshield transfer Personal Data?

Stormshield is based in Europe, we process and host personal information in Europe, more specifically in France and Germany.


How long will your personal data be stored?

If your personal data is no longer necessary for the performance of contractual or legal obligations, it will be regularly erased, unless further processing is necessary, for example, to preserve specific evidence under laws and regulations applicable in terms of data protection, or within the framework of the statutory limitation periods.

Operational logs can be kept for a maximum of 1 year.



We use technical and organizational security measures to protect the data under our control against accidental or intentional manipulation, loss, destruction and against access by unauthorized persons. Our security procedures are continuously improved as new technologies become available.


What are your rights and how to exercise them?

You can exercise your data protection rights at any time:

  • Right of access/obtaining a report detailing the information held about you: You have the right to obtain confirmation of whether or not your Personal Data is being processed by Stormshield and, if so, what specific data is being processed.
  • Right to rectification of personal data: You have the right to modify any inaccurate personal data concerning you.
  • Right to be forgotten: In certain cases, for example when the Personal Data is no longer necessary with regard to the Purposes for which it was collected, you have the right to the erasure of your Personal Data.
  • Right to stop the processing of your data: You have the right to limit the processing of your Personal Data by Stormshield, for example when the processing is unlawful and you oppose the erasure of your Personal Data. In such cases, your personal data will only be processed with your consent or for the exercise or defence of legal claims.
  • Right to data portability: In certain circumstances provided by law, you have the right to receive Personal Data concerning you in a structured, commonly used and machine-readable format and/or to transmit such Personal Data to another data controller.
  • Right of opposition and withdrawal of consent: please see the section below "Am I obliged to provide my personal data?"


To exercise your data protection rights, please contact Stormshield in writing or by e-mail at the following address: or by writing to the address below, enclosing a copy of a document attesting to your identity.

Stormshield, Data Protection Officer, 1 Place VERRAZZANO, 69009 LYON, France


Am I obliged to provide my Personal Data?

You can object to the processing of your Personal Data at any time or, where your consent is required, withdraw this consent by contacting us at However, please note that if you withdraw your consent, you may not be able to access and use certain information or features of the Service.


To what extent will decision-making be automated?

As a matter of principle, we do not use fully automated decision-making processes. In the event that we resort to such procedures in individual cases, we will inform you specifically, if this is prescribed by law, as well as your rights in this respect.


Will profiling take place?

As a matter of principle, your Personal Data will not be processed automatically for the purpose of evaluating certain personal aspects (profiling). In the event that we process your Personal Data for the purpose of profiling, we will specifically inform you of this, if required by law, and of your rights in this regard.


How can I contact Stormshield regarding my Personal Data?

If you are not satisfied with the way your Personal Data has been processed or if you have any questions regarding the processing of your Personal Data, you can first contact Stormshield's Data Protection Officer, available with any request or complaint, to the following email address: or you can write to the address below:

Stormshield, Data Protection Officer, 1 Place VERRAZZANO, 69009 LYON, France


Can I request assistance from the competent authorities?

If the answers provided are not satisfactory, you can then contact the French data protection authority directly: the Commission Nationale de l'Informatique et des Libertés (CNIL).


Modification of the privacy notice

Stormshield will periodically update this Privacy Policy to reflect changes in our practices and services and also to remain compliant with Data Protection Laws and Regulations. We will inform you of any substantial change in the way we process your Personal Data.


Last update: 12/07/2022