Last updated: March 13, 2026

Data controller

The data controller responsible for the processing of your personal data is:

PulseHeberg SAS
9 boulevard de Strasbourg
83000 Toulon, France

Data Protection Officer (DPO): [email protected]

This Privacy Policy is governed by Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 (General Data Protection Regulation, hereinafter "GDPR") and by French Law No. 78-17 of January 6, 1978 relating to information technology, files and freedoms (Loi Informatique et Libertés).

Information regarding the collected data

By using our services, you are informed that PulseHeberg may collect the following data about its customers:

- Identification data: Name, first name, postal address, email address and phone number.
- Connection data: IP address, date and time of connection and history of actions performed on the customer area.
- Service usage data: Order and service usage history.
- Communications between the client and PulseHeberg teams: Support tickets, communication by email, via social networks or any other communication channel.
- Payment information: last 4 digits of the credit card, last 4 digits of the bank account and email address and PayPal account holder.

Legal bases for processing

In accordance with Article 6 of the GDPR, your personal data is processed on the following legal bases:

Performance of a contract (Art. 6(1)(b) GDPR): Processing of your identification data, connection data, service usage data and payment information is necessary for the performance of the contract between you and PulseHeberg, including the provision of our hosting services, account management and billing.

Compliance with a legal obligation (Art. 6(1)(c) GDPR): Certain processing activities are required by law, including the retention of invoices and payment records for 10 years in accordance with French commercial and tax legislation, and the collection of identity data to fulfil our obligations under applicable regulations.

Legitimate interest (Art. 6(1)(f) GDPR): Processing of connection and terminal data for security purposes (fraud prevention, protection against cyberattacks), website analytics via Matomo (self-hosted, privacy-friendly configuration), and communications data for customer support improvement are carried out on the basis of our legitimate interest, balanced against your rights and freedoms.

Disclosure of personal data to third parties

On the basis of legal obligations, your personal data may be disclosed in application of a law, a regulation or by virtue of a decision of a competent regulatory or judicial authority. In general, we undertake to comply with all legal rules that could prevent, limit or regulate the dissemination of information or data and in particular to comply with the GDPR (Regulation EU 2016/679) and French Law No. 78-17 of January 6, 1978 relating to information technology, files and freedoms.

The personal data that you communicate to us at the time of your order are transmitted to our suppliers and subsidiaries for the treatment of this one. This information is considered by our suppliers and subsidiaries to be strictly confidential.

International data transfers

Certain third-party services used on our website may involve the transfer of personal data outside the European Economic Area (EEA):

- Google reCAPTCHA: Data may be transferred to Google servers located in the United States. These transfers are governed by Standard Contractual Clauses (SCCs) adopted by the European Commission, in accordance with Article 46(2)(c) of the GDPR.
- Stripe: Payment data may be transferred to Stripe servers located in the United States. These transfers are governed by Standard Contractual Clauses (SCCs) adopted by the European Commission, in accordance with Article 46(2)(c) of the GDPR.

We ensure that all international data transfers are subject to appropriate safeguards to protect your personal data.

Collection of identity data

The use of our services requires registration and prior identification. Your personal data is used to fulfill our legal obligations resulting from the delivery of the services, under our general terms and conditions as well as the particular conditions of the subscribed service. You will not provide false personal information or create an account for another person without their permission. Your contact information must always be accurate and up-to-date.

Collection of terminal data

Some of the technical data of your device is automatically collected by PulseHeberg. This information includes your IP address, Internet service provider, hardware configuration, software configuration, browser type and language. The collection of this data is necessary for the provision of the PulseHeberg services.

Cookies usage

In accordance with the recommendations of the CNIL, the maximum duration of conservation of cookies is 13 months after their first deposit in the terminal of the User, as well as the duration of the validity of the User's consent to the use of these cookies. The lifetime of cookies is not extended with each visit. The User's consent must therefore be renewed at the end of this period.

PulseHeberg only uses cookies that are essential to the operation of its services, these cookies are used to log in to your customer account, ensure security when managing your services and your orders. In accordance with the regulations, these cookies are used without requiring your consent.

The PulseHeberg customer area and the PulseHeberg website may use the following cookies:

- WHMCSxxxxxxxxx : This is a session cookie used by our customer area to ensure that you are logged into your customer account.
- _GRECAPTCHA : This is a cookie used by our anti-robot system Google Recaptcha.
- __stripe_mid : This is a cookie used by our credit card payment processor Stripe, this cookie allows an anti-fraud analysis during a credit card payment.
- adOtr: This is a session cookie used by our Stackpath WAF to ensure that the visitor is a human.
- PRLST: This is a session cookie used by our Stackpath WAF to ensure that the visitor is a human.
- sbtsck: This is a cookie used by our Stackpath WAF to ensure that the visitor is a human.
- sp_lit: This is a cookie used by our Stackpath WAF to ensure that the visitor is a human.
- spcsrf: This is a cookie used by our Stackpath WAF to prevent cross-site request forgery.
- UTGv2: This is a cookie used by our Stackpath WAF system to register that your browser is safe and prevent further bot checks.
- sbbi: This is a session cookie used to control the connection to our CDN system.
- SPSI: This is a session cookie used to provide us with data about the user behavior of visits in order to improve the operation of our application protection (WAF).
- _pk_id: This is a cookie used by our self-hosted Matomo analytics platform (analytics.pulseheberg.io) to recognise returning visitors. It is stored for 13 months.
- _pk_ses: This is a session cookie used by our self-hosted Matomo analytics platform (analytics.pulseheberg.io) to track the pages viewed during a browsing session. It expires after 30 minutes of inactivity.

Matomo analytics: PulseHeberg uses a self-hosted instance of Matomo, hosted at analytics.pulseheberg.io, for website audience measurement. Matomo is configured in a privacy-friendly manner (IP anonymisation, limited cookie lifetime, no cross-site tracking, data stored exclusively on our own servers within the EU). In accordance with CNIL guidelines, this configuration qualifies for an exemption from the prior consent requirement.

Retention period for personal data and anonymization

We keep personal data for as long as you have a PulseHeberg customer account. After this period, the data will be anonymized and kept for statistical purposes only and will not be used in any way whatsoever.

Means of data purging are set up in order to provide for the effective deletion of data as soon as the period of conservation or archiving necessary for the achievement of the determined or imposed purposes is reached. In accordance with the GDPR (Regulation EU 2016/679) and French Law No. 78-17 of January 6, 1978 relating to data processing, files and freedoms, you have moreover a right of erasure on your data which you can exercise at any time by contacting the PulseHeberg customer service or our Data Protection Officer.

Account deletion

The User has the possibility to delete his customer account at any time, by simple request to support from his PulseHeberg customer area.

PulseHeberg undertakes to proceed with the deletion of the account as soon as possible and in the following manner:

- Your personal data (last name, first name, billing address, email address, and password) are immediately deleted from our production database.
- Personal information is likely to be kept in the backups of our database, for a maximum of 1 year.
- Invoices and payment references are kept for a period of 10 years.
- Exchanges made with our technical support are anonymized and kept for a period of 10 years.

Indications in case of a security breach detected by PulseHeberg

We undertake to implement all appropriate technical and organisational measures in order to guarantee a level of security appropriate to the risks of accidental, unauthorised or illegal access, disclosure, alteration, loss or destruction of personal data concerning you. In the event that we become aware of unlawful access to your personal data stored on our servers or those of our service providers, or of unauthorized access resulting in the risks identified above, we undertake to:

- Notify the CNIL (Commission Nationale de l'Informatique et des Libertés) within 72 hours of becoming aware of the breach, in accordance with Article 33 of the GDPR, where the breach is likely to result in a risk to the rights and freedoms of natural persons.
- Notify you of the incident without undue delay where the breach is likely to result in a high risk to your rights and freedoms, in accordance with Article 34 of the GDPR.
- Examine the causes of the incident and inform you.
- Take reasonable steps to mitigate any adverse effects and damages that may result from such incident.

Under no circumstances may the commitments defined in the above point concerning notification in the event of a security breach be assimilated to any recognition of fault or responsibility for the occurrence of the incident in question.

Your rights

In accordance with the GDPR (Regulation EU 2016/679) and French Law No. 78-17, you have the following rights regarding your personal data:

- Right of access (Art. 15 GDPR): You have the right to obtain confirmation as to whether or not your personal data is being processed and, where that is the case, to access such data and obtain a copy thereof.
- Right to rectification (Art. 16 GDPR): You have the right to obtain the rectification of inaccurate personal data concerning you without undue delay.
- Right to erasure (Art. 17 GDPR): You have the right to obtain the erasure of your personal data under the conditions laid down by the regulation.
- Right to restriction of processing (Art. 18 GDPR): You have the right to obtain the restriction of processing in certain circumstances, for example while we verify the accuracy of your data.
- Right to data portability (Art. 20 GDPR): You have the right to receive your personal data in a structured, commonly used and machine-readable format, and to transmit it to another controller.
- Right to object (Art. 21 GDPR): You have the right to object at any time to the processing of your personal data based on legitimate interest, including profiling.
- Right to withdraw consent (Art. 7 GDPR): Where processing is based on your consent, you have the right to withdraw that consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.
- Right to lodge a complaint (Art. 77 GDPR): You have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés), the French supervisory authority, if you consider that the processing of your personal data infringes the GDPR. The CNIL can be contacted at: www.cnil.fr.

Changes to the privacy policy

We will inform you of any material changes to this Privacy Policy, and will not lower the level of confidentiality of your data substantially without informing you and obtaining your consent.

Applicable law and methods of appeal

This Privacy Policy and your use of the Site shall be governed by and construed in accordance with the laws of France, and in particular with the GDPR (Regulation EU 2016/679) and French Law No. 78-17 of January 6, 1978 relating to data processing, files and liberties. Your choice of law does not affect your rights as a consumer under the applicable law of your place of residence.

If you are a consumer, you and we agree to submit to the non-exclusive jurisdiction of the French courts, which means that you may bring an action relating to this Privacy Policy in France or in the EU country in which you live.

If you are a professional, all actions against us must be brought before a court in France.

In the event of a dispute, the parties will seek an amicable solution before any legal action. In the event of failure of these attempts, all disputes concerning the validity, interpretation and/or execution of the Privacy Policy shall be brought before the French courts, even in the event of multiple defendants or third party claims.

Exercising your rights

For any information or to exercise your rights regarding the processing of personal data collected by PulseHeberg, you can contact our Data Protection Officer (DPO):

- by email: [email protected]
- by postal mail: PulseHeberg SAS - A l'attention du DPO - 9 boulevard de Strasbourg - 83000 Toulon - France

We will respond to your request within one month, in accordance with Article 12 of the GDPR. This period may be extended by two months where necessary, taking into account the complexity and number of requests.

Contact With Our Team

Need to know something more about a specific product or service? Feel free to contact our specialized team 24/7.

Contact Our Team

Our website uses cookies to ensure you have the best possible experience. Learn More