Personal data

Privacy policy

We collect the strict minimum required to qualify a commercial opportunity between your fund and ours. Fund data is never used for cross-fund benchmarking. No data is ever resold.

Last updated: April 2026

Data controller

The controller of personal data collected through the Site is:

Controller
Calzonvest SAS (trade name Skalisto)
Registered office
1 avenue Maurice Ravel, 92210 Saint-Cloud, France
GDPR contact
privacy@cvlization.co

Calzonvest SAS processes your data as a controller within the meaning of Article 4(7) of Regulation (EU) 2016/679 (“GDPR”) and the amended French Data Protection Act.

Data collected

We collect only the data strictly necessary for the purposes described below:

  • Contact form: name, fund (legal name), business email, portfolio size (optional), free-text message.
  • Internal audience measurement: pages visited, locale, referrer, user-agent, anonymised IP address (the last octet is masked before storage), random session identifier stored in a session cookie.
  • CTA click tracking: name of the button clicked, source page, locale, random session identifier.

We collect no sensitive data within the meaning of Article 9 GDPR. We use no third-party advertising tracker (no Google Analytics, no Meta Pixel, no LinkedIn Insight Tag).

Legal bases

  • Contact form: performance of pre-contractual measures taken at your request (Art. 6(1)(b) GDPR).
  • Subsequent commercial exchanges: legitimate interest of Calzonvest SAS in promoting its offering to qualified prospects who have shown explicit interest (Art. 6(1)(f) GDPR).
  • Internal audience measurement: legitimate interest in improving the Site, via a first-party, anonymised mechanism, exempted from prior consent under CNIL guidelines (audience-measurement cookies strictly limited to internal statistics).

Retention periods

  • Leads (contact form): 3 years from the last active contact, in line with CNIL recommendations for B2B prospecting.
  • Audience measurement: 13 months maximum, then automatic deletion.
  • Technical logs: 12 months maximum (security, abuse prevention).
  • Contractual exchanges: duration of the relationship plus applicable statutory limitation periods (5 to 10 years depending on type).

Data recipients

Data is accessible only to:

  • Authorised members of the Skalisto team (sales, operations).
  • Our technical processors bound by contracts compliant with Article 28 GDPR: hosting provider, transactional email provider, CRM tool.

No data is sold, leased or transferred to commercial third parties. No fund data collected as part of a commercial relationship is ever used for cross-fund benchmarking.

Transfers outside the EU

Our servers and our main processors are located within the European Union. Should we occasionally rely on a processor established outside the EU, the transfer is governed by the European Commission's Standard Contractual Clauses (Decision 2021/914) and the supplementary measures recommended by the EDPB (encryption, pseudonymisation).

Cookies

The Site uses a minimal number of strictly first-party cookies:

  • Session cookie (_cvlization_session): required for the Site to function and to protect against fraudulent form submissions (CSRF). Lifetime: browser session. Exempt from consent.
  • Audience measurement identifier (visitor_token): random identifier used to aggregate page views within a visit. No cross-referencing with any third party. Exempt from consent under CNIL criteria.

No advertising cookie, no social-network cookie, no third-party pixel is set.

Your rights

Under Articles 15 to 22 GDPR, you have the following rights at any time:

  • Right of access to your data.
  • Right of rectification of inaccurate or incomplete data.
  • Right to erasure (“right to be forgotten”).
  • Right to restriction of processing.
  • Right to object to processing, including direct marketing.
  • Right to data portability.
  • Right to issue post-mortem instructions regarding the fate of your data.

To exercise these rights: privacy@cvlization.co. Response within 30 days maximum.

You also have the right to lodge a complaint with the French data protection authority, the CNIL (3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07 — www.cnil.fr), or with your local supervisory authority within the EU.

Security

Skalisto implements technical and organisational measures appropriate to the sensitivity of the data processed:

  • TLS 1.3 encryption on all exchanges.
  • Sovereign hosting (Scaleway Paris), no transfer outside the EU without safeguards.
  • IP anonymisation before storage, logging strictly limited to what is necessary.
  • Strict isolation of fund data (never used for cross-fund benchmarking).
  • ISO 27001 trajectory — certification targeted Q3 2026.

Contact

For any question regarding this policy or the exercise of your rights:

Email
privacy@cvlization.co
Postal mail
Calzonvest SAS — GDPR, 1 avenue Maurice Ravel, 92210 Saint-Cloud, France

A Data Protection Officer (DPO) will be appointed as soon as the thresholds of Article 37 GDPR make it mandatory.

Policy updates

This policy may be updated to reflect changes in our processing or in the regulatory framework. The last-updated date appears at the top of the page. Material changes will be notified to active contacts by email.

See also our Legal notice or Contact the team.