Your data

Privacy Policy

This policy describes how HelloSafe SAS (data controller) collects and processes the personal data of visitors to the hello-brokers.com website, in accordance with Regulation (EU) 2016/679 (the 'GDPR') and French Act No. 78-17 of 6 January 1978 as amended (the 'French Data Protection Act').

Last updated · 19 mai 2026


01 Data controller

Who is responsible for your data?

The controller of the personal data collected on the hello-brokers.com website is HelloSafe SAS, whose details are as follows:

HelloSafe SAS, a simplified joint-stock company (SAS) with share capital of €1,588.36. Registered office: 5 allée de la Grande Treille, 35200 Rennes, France. Rennes Trade and Companies Register 883 069 593. VAT FR81 883 069 593.

For any request relating to your personal data, you can contact us via our contact form.

02 Data collected

What data do we collect?

We do not collect any direct identifying data. HelloBrokers offers neither a user account, nor a registration form, nor a newsletter subscription on this site. You can browse all of the content without providing us with any personal information.

The only data processed is technical data related to browsing:

Audience-measurement data (Google Analytics 4): pages visited, visit duration, traffic source, device type, browser, language, country (at a coarse geographic level). This data is pseudonymized and collected only after your explicit consent.

Language preference: a technical cookie `hb-locale-pref` (1-year duration) remembers the language version of the site you selected, so as not to redirect you on every visit. This cookie contains no personal data.

Server logs: Cloudflare (our host) keeps technical logs (partial IP address, user-agent, HTTP requests) for a limited period for security and abuse-prevention purposes. These logs are not used by HelloSafe SAS for commercial or profiling purposes.

03 Purposes & legal bases

Why and on what basis?

Each processing operation serves a specific purpose and relies on an identified legal basis within the meaning of Article 6 of the GDPR:

Audience measurement (GA4): Purpose: understand how visitors use the site in order to improve the editorial experience. Legal basis: consent (Art. 6(1)(a) GDPR), obtained via the cookie banner. You can withdraw your consent at any time (see section 7).

Language preference: Purpose: display the appropriate language version. Legal basis: legitimate interest in providing a smooth browsing experience (Art. 6(1)(f) GDPR). This cookie is strictly necessary for the country switcher to function.

Security and fraud prevention: Purpose: protect the site against attacks (DDoS, abusive scraping). Legal basis: legitimate interest in the security of the service.

04 Retention period

How long do we keep your data?

We apply a principle of data minimization: no data is kept beyond what is necessary for the intended purpose.

Google Analytics 4 data: 14 months (the default retention period configured in GA4, in line with CNIL recommendations).

`hb-locale-pref` cookie: 1 year from your last visit.

Cloudflare technical logs: a period defined by Cloudflare in its own policy (typically a few days for security logs).

Exchanges via the contact form (Typeform): kept for as long as necessary to handle the request, then archived or deleted in accordance with our legal obligations (maximum duration of 3 years from the last contact).

05 Recipients

Who do we share your data with?

Your data is never sold. It is accessible only to the following recipients, acting as processors within the meaning of Article 28 of the GDPR:

Google Ireland Limited: provider of Google Analytics 4 and Google Tag Manager. Data: pseudonymized audience statistics. Location: EU (Ireland) with transfers to the United States governed by the Standard Contractual Clauses (SCCs) and the Data Privacy Framework (DPF).

Cloudflare, Inc.: hosting and protection of the site. Data: technical connection logs. Location: United States, governed by SCCs + DPF.

Typeform SL: external form solution (used for the contact page). Data: whatever you write to us in the form. Location: EU (Spain).

No data is shared with commercial partners, affiliated brokers, or third parties for prospecting purposes.

06 Transfers outside the EU

Transfers outside the European Union

Some of our processors (Google, Cloudflare) may process data in the United States. These transfers are governed by:

• The Standard Contractual Clauses (SCCs) adopted by the European Commission on 4 June 2021;

• The Data Privacy Framework (DPF) for certified processors, including Google and Cloudflare.

For more details on the applicable safeguards, you can contact us via the form.

07 Your rights

Your rights over your data

In accordance with Articles 15 to 22 of the GDPR, you have the following rights over your personal data:

Right of access: obtain confirmation that data concerning you is being processed, and obtain a copy of that data.

Right to rectification: request the correction of inaccurate or incomplete data.

Right to erasure ('right to be forgotten'): request the deletion of your data in the cases provided for by law.

Right to restriction of processing: request the temporary suspension of a processing operation.

Right to object: object to the processing of your data on grounds relating to your particular situation, in particular profiling.

Right to data portability: receive your data in a structured, machine-readable format, and transmit it to another controller.

Right to withdraw your consent at any time, for processing based on consent (in particular audience-measurement cookies).

To exercise these rights, contact us via the contact form. We will respond within one month.

08 Cookies

Cookies and trackers

Details of the cookies used on the site (nature, purpose, duration, sharing with third parties) can be found in our dedicated cookie policy. You can change your consent preferences at any time via the permanent link in the footer.

09 Complaint

Complaint to the CNIL

If, after contacting us, you believe that your rights are not being respected, you may lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL):

CNIL, 3 place de Fontenoy, TSA 80715, 75334 Paris cedex 07. Website: cnil.fr. Telephone: 01 53 73 22 22.

If you reside in another EU member state, you may also refer the matter to the supervisory authority of your country of residence (ICO in the United Kingdom, AEPD in Spain, BfDI in Germany, etc.).

10 Changes

Changes to the policy

This privacy policy may be amended to reflect legal, technical, or editorial developments. The date of the last update appears at the top of this page. In the event of a substantial change, we will notify visitors via a visible banner on the site.