GDPR & Data Protection

Privacy Policy

Last updated: February 2026 — Compliant with GDPR (EU Regulation 2016/679)

Caast SAS is committed to protecting your personal data. This policy explains how we collect, use, store and protect your data, in accordance with the General Data Protection Regulation (GDPR) and applicable data protection law.

Table of Contents

  1. Data Controller
  2. Data We Collect
  3. Purposes and Legal Bases for Processing
  4. Recipients of Your Data
  5. Retention Periods
  6. International Data Transfers
  7. Your Rights
  8. Cookies and Trackers
  9. Data Security
  10. Contact Us

1. Data Controller

The data controller for personal data collected through the caast.tv website is:

Company Caast SAS
Address 165 avenue de Bretagne, 59000 Lille, France
Email Contact form
Data Protection Officer (DPO) Antoine Leclercq — Contact us

2. Data We Collect

We collect the following categories of personal data:

2.1 Data you provide directly

  • Contact / demo request form: first name, last name, professional email address, phone number, company name, industry, message
  • Newsletter subscription: email address
  • ROI calculator: e-commerce revenue (anonymous, non-identifying data)

2.2 Data collected automatically

  • Browsing data: IP address (anonymised), browser type, pages visited, session duration, traffic source
  • Cookies and trackers: see section 8. Cookies and Trackers
  • Technical data: device type, operating system, screen resolution

2.3 Data we do not collect

We do not collect any "special category" data as defined under Article 9 of the GDPR (political opinions, religious beliefs, health data, biometric data, etc.).

3. Purposes and Legal Bases for Processing

Processing contact / demo requests Performance of pre-contractual measures (Art. 6(1)(b) GDPR)
Sending the newsletter Consent (Art. 6(1)(a) GDPR)
Improving the website and measuring audience Legitimate interest (Art. 6(1)(f) GDPR)
Personalising content and advertising Consent (Art. 6(1)(a) GDPR)
Complying with legal obligations Legal obligation (Art. 6(1)(c) GDPR)
Managing the commercial relationship Legitimate interest (Art. 6(1)(f) GDPR)

4. Recipients of Your Data

Your personal data is accessible to authorised Caast SAS staff who need it to perform their duties.

We engage sub-processors and technical partners to operate our services. These partners process your data solely for the purposes defined by Caast SAS:

  • Hosting: OVHcloud SAS (Roubaix, France)
  • Audience analytics: Google Analytics 4 (Google LLC) — anonymised data
  • Video streaming: Mux Video / Mux Data (Mux Inc., United States) — SCCs V2 + DPF
  • Database: MongoDB Atlas (MongoDB Inc., Ireland) — hosted in the EU
  • File storage: Amazon Web Services (AWS, Luxembourg) — SCCs V2 + DPF
  • Data analytics: Google Cloud BigQuery (Google LLC, France) — EU multi-region
  • SMS: SMSFactor (France) — EU multi-region

We never sell, rent or otherwise transfer your personal data to third parties for their own commercial purposes.

5. Retention Periods

Contact / demo request data 3 years from the last interaction
Newsletter Until unsubscription
Browsing data (analytics cookies) Maximum 13 months
Customer data (contracts) 5 years after contract end (legal obligation)
Connection logs 12 months (legal obligation)

Upon expiry of these periods, your data is deleted or irreversibly anonymised.

6. International Data Transfers

Some of our sub-processors are established outside the European Economic Area (notably in the United States). In such cases, transfers are governed by appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adherence to the EU–US Data Privacy Framework (where applicable)

You may obtain a copy of these safeguards by contacting us via our contact form.

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

Right of access Obtain a copy of your data
Right to rectification Correct inaccurate data
Right to erasure Have your data deleted ("right to be forgotten")
Right to object Object to certain processing activities
Right to data portability Receive your data in a machine-readable format
Right to restriction Restrict processing of your data

To exercise these rights, contact us via our contact form or by post to our registered address. We will respond within one month.

If you believe your rights have not been upheld, you have the right to lodge a complaint with your national supervisory authority. In France: CNIL (Commission Nationale de l'Informatique et des Libertés) — www.cnil.fr — 3, place de Fontenoy, TSA 80715, 75334 Paris Cedex 07.

8. Cookies and Trackers

When you visit caast.tv, cookies and similar trackers may be placed on your browser. A cookie is a small text file stored on your device.

8.1 Strictly necessary cookies

These cookies are essential for the website to function. They cannot be disabled without affecting core functionality. No consent is required for these cookies.

8.2 Analytics cookies

Used to measure website traffic (visit counts, pages viewed, session duration). These cookies require your prior consent.

  • Google Analytics 4 — retention: 13 months — anonymised data

8.3 Marketing cookies

These cookies enable personalised advertising and conversion tracking. These cookies require your prior consent.

  • Google Ads — advertising conversion tracking
  • LinkedIn Insight Tag — LinkedIn campaign measurement

8.4 Managing your preferences

You can accept or decline non-essential cookies via the consent banner displayed on your first visit. You can also update your preferences at any time through your browser settings.

For more information on cookie management, visit the CNIL website: cnil.fr.

9. Data Security

Caast SAS implements appropriate technical and organisational measures to protect your personal data against:

  • Unauthorised or unlawful access
  • Accidental loss, destruction or alteration
  • Unauthorised disclosure

These measures include encryption of data in transit (HTTPS/TLS), strict access controls on databases, and regular backups.

In the event of a personal data breach likely to result in a high risk to your rights and freedoms, we will notify you without undue delay, in accordance with Article 34 of the GDPR.

10. Contact Us

For any questions about this privacy policy or to exercise your rights, please contact us:

Online Contact form
By post Caast SAS — Data Protection Department
165 avenue de Bretagne, 59000 Lille, France

We are committed to responding to any request within a maximum of one (1) month. This period may be extended by a further two months where requests are complex or numerous, in which case we will inform you accordingly.