GDPR Privacy notice


Stormshield SAS (also known as, “Stormshield”, or “we” or “us”) appreciate your interest in our products, services and business lines and your use of our websites, portals and “apps” (“Websites”).

Your privacy is important to us and we want you to feel comfortable using our websites.

Stormshield is committed to protecting the rights of individuals in line with the General Data Protection Regulation (reference EU2016/679) of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of Personal Data and on the free movement of such data (hereinafter referred as : ‘GDPR’) as well as each applicable national Personal Data protection laws and regulations (collectively referred as “Data Protection Laws and Regulations”). The protection of your privacy and Personal Data is an important concern to which we pay special attention throughout our business processes.

However, the website will include links to other websites or applications which are not necessarily covered by this Privacy Notice. In this event, we encourage you to carefully read the privacy policies of such websites.

What is Personal Data?

Personal Data is information that can be used to identify a person either directly or indirectly (hereinafter referred as: ‘Personal Data’. A ‘personal identifier’ is a piece of information that can identify an individual. This definition covers a wide range of personal identifiers to constitute Personal Data, including name, address, email address, identification number, location data or online identifier.

Which sources and what Personal Data do we use?

In the course of the contractual or client relationship between you or your organisation and Stormshield and/or access and use of Stormshield Website(s), we will collect, use and process Personal Data you provide when relevant, such as the following categories of data:

  • IT data: IP address, operating system (Windows, Linux, MacOS, Android, IOS, etc.), browser (Edge, Chrome, Safari, Firefox), date and pages you visit on our site, consent or refusal of cookies.

What are the purposes of the processing of your Personal Data?

By using the Website, Stormshield will collect and process your Personal Data in accordance with this Notice. Your Personal Data may be used for the following purposes (hereinafter referred as : the ‘Purposes’):

  1. Website Browsers / Administration.
  • We use your Personal Data for administrative purposes, including to help us better understand how our customers access and use our websites and applications; to provide reports to prospective partners, service providers, regulators, and others; to implement and maintain security, anti-piracy, fraud prevention, and other services designed to protect our customers, partners and us; and to enforce our policies, directives and processes.
  1. Research and development.
  • We use your Personal Data for research and development purposes, including improving our websites, applications, services, and customer experience and for other research and analytical purposes dedicated to improving our products, services, businesses, operations and processes.
  1. Legal compliance.
  • We use your Personal Data to comply with applicable legal obligations, including responding to an authority or court order or discovery request.
  1. To protect us and others.
  • Where we believe it is necessary to investigate, prevent or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety of any person or violations of policies, terms, and other policies.

What is the basis for processing of your Personal Data?

As a responsible company, we need a lawful basis for collecting and/or processing your data. We generally rely on a number of grounds (reasons) for our business processing.

We process your Personal Data in accordance with the provisions set out in the GDPR and the relevant applicable Data Protection Laws and Regulations. The legal basis for processing your Personal Data are:

  1. To comply with contractual obligations.

When you subscribe to a particular service through the Website, the purposes of processing your Personal Data are primarily determined by that service and we will process your information so that we can provide that service to you.

  1. As a result of your consent.

When you have consented to the processing of your Personal Data by us for certain services through the Website, you can withdraw consent at any time by following the instructions provided in the application process or by contacting us at For further information on the right of withdrawal, please see below Section “Am I obliged to provide my Personal Data?”

  1. Within the scope of a legitimate interest.

On occasion we may not need your consent to use your data, given our legitimate interest to do so but we must inform you that we do this; examples of this are:

  • For the administration and management and performance of our business relationship including accounting, auditing, performance of the contract.
  • For the analysis and optimisation of the Website.
  • For ensuring IT security (to detect security threats, frauds or other malicious or criminal activities) and the IT operation of Stormshield.
  • For prevention and investigation of criminal acts.
  • For ensuring efficient communication and to keep you up-to-date on the latest information about our services, solution and/or business activities, events, marketing campaigns, market analysis or other promotional activities and for analysis and improving the quality of our services and communication with you.
  • For monitoring the compliance with our policies and standards.
  1. On the basis of Stormshield’ legal obligations or in the public interest.

Stormshield, as any other company, is subject to legal obligations and regulations. In some cases the processing of your Personal Data will be necessary for Stormshield in other to fulfil these obligations.

Who will receive your Personal Data?

  • Authorised persons working for or on behalf of Stormshield; including our agents, service providers and advisers (e.g. Third party service providers and advisers providing the variety of products and services we need such as consent management or data analysis, IT maintenance and support, procurement services, compliance and security services, etc.);
  • Law enforcement or government authorities where necessary to comply with applicable law, or in response to any subpoenas, court orders, or to establish or exercise our legal rights or to defend against legal claims.

Which countries will Stormshield transfer Personal Data to?

Stormshield processes your Personal Data in the EEA.

For how long will your Personal Data be stored?

We process and store your Personal Data as long as it is required to meet our contractual and statutory obligations. If your Personal Data is no longer required for the performance of the contractual or statutory obligations, these will be erased on a regular basis unless further processing is necessary, for instance, for preserving particular evidence under the applicable Data Protection Laws and Regulations, or in the context of legal statutes of limitation.


We use technical and organisational security measures in order to protect the data we have under our control against accidental or intentional manipulation, loss, destruction and against access by unauthorised persons.

Our security procedures are continually enhanced as new technology becomes available.

What are your rights and how to exercise them?

You may at any time exercise your data protection rights:

  • Right to access/obtain a report detailing the information held about you: You have the right to obtain confirmation as to whether or not your Personal Data is being processed by Stormshield and if so, what specific data is being processed.
  • Right to correct Personal Data: You have the right to change any inaccurate Personal Data concerning you.
  • Right to be forgotten: In some cases, for instance, when the Personal Data is no longer necessary in relation to the Purposes for which they were collected, you have the right for your Personal Data to be erased.
  • Right to stop the processing of your data: You have the right to restrict the processing of your Personal Data by Stormshield, for instance when the processing is unlawful and you oppose the erasure of your Personal Data. In such cases, your Personal Data will only be processed with your consent or for the exercise or defense of legal claims.
  • Right to data portability: Under some circumstances provided by law, you have the right to receive the Personal Data concerning you in a structured, commonly used and machine-readable format and/or transmit those Personal Data to another data controller.
  • Right to object and to withdraw consent: please see below section “Am I obliged to provide my Personal Data?”

To this effect, please contact Stormshield in writing either by e-mail at the following address: or by writing to the addresses below, enclosing a copy of a document evidencing your identity.

Stormshield, Data Protection Officer, 1 place VERRAZZANO, 69009 LYON, France

Am I obliged to provide my Personal Data?

You may at any time object to the processing of your Personal Data or where your consent is required, withdraw such consent by contacting us at; However, please note that if you withdraw your consent, you may not be able to access and use certain information, features or services of the Website.

To what extent will decision-making be automated?

As a matter of principle, we do not use fully automated decision-making processes. In the event that we should use such processes in individual cases, we will if prescribed by law, specifically inform you of this and of your rights in this respect.

Will profiling take place?

As a matter of principle, your Personal Data will not be processed automatically with the objective of evaluating certain personal aspects (profiling). In the event that we should process your Personal Data with the objective of conducting profiling, we will, if prescribed by law, specifically inform you of this and of your rights in this respect.

How can I contact Stormshield in respect of my Personal Data?

If you are unhappy with the way in which your Personal Data has been processed or should you have questions regarding the processing of your Personal Data, you may refer in the first instance to the Stormshield Data Protection Officer, who is available for enquiries or complaints, at the following email address: or you can write to the address below:

Stormshield, Data Protection Officer, 1 place VERRAZZANO, 69009 LYON, France

Can I ask for assistance to the competent authorities?

If the supplied answers are unsatisfactory, you may then directly approach the French data protection authority: the Commission Nationale de l'Informatique et des Libertés (CNIL).



A Cookie is a small file that is transferred to your computer's hard drive or mobile device when you visit a website or application. The cookie is then accessed by the originating website that recognises that Cookie on each subsequent visit.

Cookies are used for various purposes, such as remembering your preferences, supporting user authentication, or collecting information on how many users are visiting the website or application.


We use different types of Cookies for different purposes:


These Cookies are strictly technically necessary for our website/application to work properly. They are mandatory and the website/application cannot be used without them (eg. Cookies that are used to manage user authentication).






Allows you to manage the user's consent to the different categories of cookies

1 year

These Cookies are used to anonymously measure the audience and produce generic statistics about the usage of our website/application. This enables us to understand better how users interact with our website/application, and to improve and adapt our services. You can oppose and remove them at any time using the Cookies Settings Area of our website/application.



AT Internet

Allows you to save the visitor's choice about audience cookies

1 year
atuserid AT Internet Visitor ID 1 year


Cookies that are not technically necessary for our website/application to work properly can be configured, disabled and removed from your device through the Cookie Settings Area, accessible by clicking the icon in the lower-left corner of our pages.

For the purpose of statistical analysis, we use analytics tools relying on specific Cookies. Those cookies, which generates anonymous statistics, are exempt from obtaining your prior consent. You may nevertheless object at any time to the collection of such statistical data through the cookies settings interface mentioned above or by clicking the following button:

To find out more about cookies, including how to see what cookies have been set and how to manage and delete them, visit or

Modification of the Privacy Notice

Stormshield will update this Privacy Notice from time to time in order to reflect the changes in our practices and services and also to remain compliant to Data Protection Laws and Regulations. We will inform you of any substantial modification in how we process your Personal Data.


Last updated: May 2022