Privacy Policy

Effective date: April 1, 2026

Apopka Advisory SAS (“us”, “we”, or “our”) operates the www.apopka.eu website (hereinafter referred to as the “Service”).

This page informs you of our policies regarding the collection, use and disclosure of personal data when you use our Service and the choices you have associated with that data. We use your data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this policy.

This Privacy Policy is governed by Regulation (EU) 2016/679 (the “GDPR”) and the French Data Protection Act of 6 January 1978, as amended.

1. Definitions

Service: The www.apopka.eu website operated by Apopka Advisory SAS.
Personal Data: Data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession).
Usage Data: Data collected automatically either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).
Cookies: Small files stored on your device (computer or mobile device).
Data Controller: The natural or legal person who (either alone or jointly or in common with other persons) determines the purposes for which and the manner in which any personal information are, or are to be, processed. For the purpose of this Privacy Policy, we are the Data Controller of your Personal Data.
Data Processors (or Service Providers): Any natural or legal person who processes the data on behalf of the Data Controller. We may use the services of various Service Providers in order to process your data more effectively.
Data Subject (or User): Any living individual who is using our Service and is the subject of Personal Data.

2. Data Controller

The Data Controller responsible for the processing of your Personal Data is:

Apopka Advisory SAS

26 Avenue de la République, 75011 Paris, France

Email: advisory@apopka.eu

3. Information Collection and Use

We collect several different types of information for various purposes to provide and improve our Service to you.

3.1 Personal Data

While using our Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you (“Personal Data”). Personally identifiable information may include, but is not limited to:

Email address
First name and last name
Organisation (company name)
Subject and content of your message
Cookies and Usage Data

3.2 Usage Data

We may also collect information on how the Service is accessed and used (“Usage Data”). This Usage Data may include information such as your computer’s Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

3.3 Tracking & Cookies Data

We use cookies and similar tracking technologies to track the activity on our Service and we hold certain information. Cookies are files with a small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. Other tracking technologies are also used such as beacons, tags and scripts to collect and track information and to improve and analyse our Service.

You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our Service.

The cookies we use fall into the following categories:

Strictly necessary cookies — required for the functioning of the Service (for example, to remember your cookie consent choice). Under article 82 of the French Data Protection Act, these do not require your prior consent.
Analytics cookies (Google Analytics 4, measurement ID: G-Z9D3Z8JH5P) — help us understand how visitors interact with our Service so we can improve it. These cookies are only set after you give your explicit consent through our cookie banner. We have configured Google Analytics with IP anonymisation enabled and Google Consent Mode v2.

You can change or withdraw your cookie consent at any time by clicking Cookie Settings in the footer of any page on the Service.

4. How We Use Your Data

Apopka Advisory SAS uses the collected data for the following purposes:

To respond to inquiries you submit through the contact form
To provide and maintain the Service
To analyse and improve the Service (only with your prior consent for analytics cookies)
To detect, prevent and address technical issues and security incidents
To comply with our legal obligations under applicable law

5. Legal Basis for Processing

Pursuant to article 6 of the GDPR, we process your Personal Data on the following legal bases:

Your consent (Art. 6(1)(a) GDPR) — for processing the contact form (which you accept by ticking the GDPR consent box) and for analytics cookies (which you accept through the cookie banner).
Our legitimate interests (Art. 6(1)(f) GDPR) — for the security and proper functioning of the Service, and for preventing fraud and abuse.
Compliance with legal obligations (Art. 6(1)(c) GDPR) — where processing is required by applicable law.

6. Data Sharing and Recipients

Your Personal Data is accessed only by authorised personnel of Apopka Advisory SAS. We may share your data with the following Service Providers acting as Data Processors on our behalf:

FormSubmit (Strict Web LLC, United States) — processes contact form submissions and forwards them to our email address.
Google LLC (Google Analytics) — provides website analytics. Activated only after your consent.
IONOS SE (Germany) — hosts our website.

We do not sell, rent or trade your Personal Data to any third party.

7. International Data Transfers

Some of our Service Providers (FormSubmit, Google) are based outside the European Economic Area (EEA), in the United States. Where Personal Data is transferred outside the EEA, we ensure that appropriate safeguards are in place, in accordance with chapter V of the GDPR, including:

The EU–US Data Privacy Framework (where the recipient is certified)
Standard Contractual Clauses adopted by the European Commission
Your explicit consent (Art. 49(1)(a) GDPR), where applicable

8. Data Retention

We retain your Personal Data only as long as necessary for the purposes set out in this Privacy Policy:

Contact form submissions: up to 24 months from your last interaction with us.
Analytics data: up to 14 months (the default Google Analytics retention period).
Server logs: up to 12 months for security and troubleshooting purposes.

After these periods, your data is either deleted or anonymised so that you can no longer be identified.

9. Your Rights

Under the GDPR, you have the following rights regarding your Personal Data:

Right of access (Art. 15) — to obtain confirmation of whether we process your data and a copy of it.
Right to rectification (Art. 16) — to have inaccurate or incomplete data corrected.
Right to erasure ("right to be forgotten", Art. 17) — to have your data deleted in certain circumstances.
Right to restriction of processing (Art. 18) — to limit how we use your data.
Right to data portability (Art. 20) — to receive your data in a structured, commonly used and machine-readable format.
Right to object (Art. 21) — to processing based on our legitimate interests.
Right to withdraw consent (Art. 7) — at any time, without affecting the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us at advisory@apopka.eu. We will respond within one month of receiving your request, in accordance with article 12(3) of the GDPR.

10. Right to Lodge a Complaint

Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with the French data protection supervisory authority:

CNIL — Commission Nationale de l’Informatique et des Libertés

3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France

Phone: +33 (0)1 53 73 22 22

Website: www.cnil.fr

11. Security

The security of your data is important to us, but please remember that no method of transmission over the Internet, or method of electronic storage, is 100% secure. While we strive to use commercially acceptable means to protect your Personal Data, we cannot guarantee its absolute security.

12. Children’s Privacy

Our Service is not directed at anyone under the age of 16. We do not knowingly collect Personal Data from children. If you are a parent or guardian and you become aware that your child has provided us with Personal Data, please contact us so that we can take the necessary action.

13. Changes to This Privacy Policy

We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and updating the “Effective date” at the top. You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.

14. Contact Us

If you have any questions about this Privacy Policy or wish to exercise your rights, please contact us:

By email: advisory@apopka.eu
By post: Apopka Advisory SAS, 26 Avenue de la République, 75011 Paris, France