Legal

    Privacy Policy

    Version 2026-07-13-b · Effective 13 July 2026

    1. Who we are

    This website, GiscardLabs, is operated by Giscard Consulting By Mounir Lakhdari (Giscard Consulting), the data controller responsible for your personal data.

    46a, Rue Maximilien, L-6463 Echternach, Luxembourg
    Trade & Companies Register (RCS Luxembourg): A43893
    Contact: m@giscard.consulting

    2. What this policy covers

    This policy explains what personal data we collect through this website, why we collect it, the legal bases we rely on, how long we keep it, who it may be shared with, and the rights you have under the EU General Data Protection Regulation (GDPR) and Luxembourg data protection law.

    3. What we collect

    We keep data collection to a minimum. Specifically:

    • Enquiry details you send us. When you complete a contact form, we collect your name, email address, an optional company name, an optional phone number, and the message you write. The phone number field is entirely optional; you are never required to provide one.
    • Proof of consent. When you submit a form we record that you gave consent, the exact consent wording shown to you, the version of this policy in force, and the time of submission.
    • Anonymous usage analytics. We record aggregate, cookieless counts of page views and form interactions to understand what is useful. These contain no name, no email, no IP address, and nothing that identifies you.
    • Technical request data. Like any web server, ours processes your IP address momentarily to deliver pages and to protect against abuse. We do not store it alongside your enquiry.

    4. Why we use it and our legal basis

    • To respond to your enquiry and take steps at your request before any engagement — legal basis: your consent (Art. 6(1)(a) GDPR) and, where relevant, steps prior to entering a contract (Art. 6(1)(b) GDPR).
    • To keep the site secure and working (transient request handling, anti-abuse rate limiting) — legal basis: our legitimate interests (Art. 6(1)(f) GDPR).

    You are free not to provide your details, but we then cannot reply to your enquiry.

    5. Cookies and tracking

    We do not use advertising or third-party tracking cookies, and we do not build profiles of visitors. Our analytics are cookieless and aggregate, which is why you will not see a cookie consent banner — there is nothing non-essential to consent to.

    6. How long we keep it

    We keep enquiry details only as long as needed to handle your request and for a reasonable period afterwards. We routinely delete enquiries older than 24 months, unless a longer period is required to meet a legal obligation or to establish, exercise, or defend legal claims. Aggregate analytics contain no personal data and may be kept indefinitely.

    7. Who we share it with

    We do not sell your personal data. We share it only with service providers who help us run this website, acting as our processors under contract:

    • Hosting & database: Replit, Inc., which hosts the website and the database where enquiries are stored.
    • Transactional email: Resend, Inc. (resend.com), which delivers operator notification emails when a new enquiry is received. Enquiry details (name, email, company, message) are transmitted to Resend's servers for this purpose. Resend is based in the United States; data transfers are covered by Standard Contractual Clauses.

    We may also disclose data where required by law or to protect our legal rights.

    8. International transfers

    Depending on configuration, data may be processed on servers located outside the EEA, including in the United States. Where personal data is transferred outside the European Economic Area, we rely on appropriate safeguards such as the European Commission's Standard Contractual Clauses.

    9. Your rights

    Subject to the conditions in the GDPR, you have the right to request access to your data; to have it corrected or erased; to restrict or object to its processing; to data portability; and to withdraw your consent at any time (which does not affect processing carried out before withdrawal).

    To exercise any of these rights, email us at m@giscard.consulting. We will respond within the time limits set by law.

    You also have the right to lodge a complaint with the supervisory authority, the Commission nationale pour la protection des données (CNPD), 15, Boulevard du Jazz, L-4370 Belvaux, Luxembourg.

    10. How we protect your data

    We apply appropriate technical and organisational measures, including encryption of data in transit (HTTPS), access controls on stored data, and the principle of collecting only what we need.

    11. Children

    This website is not directed at children, and we do not knowingly collect personal data from anyone under 16.

    12. Changes to this policy

    We may update this policy from time to time. Material changes are reflected in a new version number and effective date at the top of this page. This is version 2026-07-13-b.