PRIVACY POLICY
Company: Vent Neuf Limited ("Vent Neuf", "we", "us", "our")
Trading as: Couleur Blanche
Registered office: The Black Church, St. Mary's Place, Dublin 7, D07 P4AX, Ireland
Contact: [email protected] / [email protected]
This Privacy Policy explains how we collect, use, disclose, and protect personal data when you visit https://couleurblanche.com (the "Website"), contact us, or use our services (brand design, identity design, brand strategy, and creative services).
We process personal data in accordance with the EU GDPR (Regulation (EU) 2016/679), Irish law, and, where applicable to UK individuals, the UK GDPR and Data Protection Act 2018.
1. Who we are (Controller)
Vent Neuf Limited is the data controller for data described in this Policy.
If we process data strictly on a client's documented instructions (e.g., when operating a hosted solution for a client), we act as processor and the client remains controller under a separate data-processing agreement (DPA).
2. What data we collect
a) You provide to us
- Identity & contact: name, email, phone, company, job title, postal address.
- Commercial: project briefs, contracts, invoices, payment references.
- Support: messages, call notes, meeting recordings (if agreed), feedback.
- Recruitment/freelancers: CV/portfolio, rates, availability, references.
b) Collected automatically (Website/app)
- Usage/technical: IP address, device/browser info, pages visited, timestamps, referrers, approximate location.
- Cookies/tracking: see section 4 below.
c) From third parties
Referrals or partners, public business profiles (e.g., LinkedIn), fraud-prevention and KYC providers (where required for billing/AML).
We don't intentionally collect children's data and our services are B2B / 18+.
3. Why we use your data (legal bases)
| Purpose | Examples | Legal basis |
|---|---|---|
| Provide services & support | Brand design, identity creation, strategy, project management, hosting, maintenance | Contract (Art. 6(1)(b)) |
| Sales & communication | Responding to enquiries, demos, proposals, consultations | Legitimate interests (LI) to operate our business (Art. 6(1)(f)) |
| Marketing | Newsletters, case studies (with consent), portfolio showcases, events | Consent (Art. 6(1)(a)) or LI (opt-out any time) |
| Billing & tax | Invoicing, accounting, AML where applicable | Legal obligation (Art. 6(1)(c)) |
| Security & abuse prevention | Logs, rate-limiting, incident response | LI |
| Recruitment / freelancers | Evaluate applications, manage contracts | Contract / LI |
| Website improvement | Analytics, user behavior analysis, performance monitoring | Consent / LI |
Where we rely on legitimate interests, we balance them against your rights and implement minimisation and opt-out controls.
4. Cookies & analytics
We use:
- Strictly necessary cookies: security, session management, consent preferences.
- Analytics: Google Analytics (anonymized IP) and Google Tag Manager to understand how visitors use our Website, set only with consent where required.
- Performance cookies: to monitor website performance and user experience.
You can manage preferences via our Cookie Consent Banner (displayed on first visit) and in your browser settings. We respect your choices and only set non-essential cookies after obtaining consent.
Cookie types we use:
- Session cookies (deleted when you close your browser)
- Persistent cookies (stored for analytics purposes, typically 2 years)
- Third-party cookies (Google Analytics - see their privacy policy at policies.google.com/privacy)
5. Sharing your data
We share data only with:
- Service providers (processors) we use to run our business: cloud hosting (Vercel/AWS), email & productivity (Google Workspace), analytics (Google Analytics), and similar tools.
- Professional advisers (accountants, auditors, lawyers), fraud-prevention/KYC where necessary, and authorities where legally required.
- Within our group (if we form one in future).
We sign DPAs with processors and require appropriate security and confidentiality.
We do not sell personal data.
6. International transfers
Your data may be processed outside the EEA/UK (e.g., the US for cloud services). When we transfer data internationally we rely on:
- Adequacy decisions (Art. 45) where available (e.g., UK).
- Standard Contractual Clauses (SCCs) and (for UK) IDTA / Addendum, plus transfer impact assessments and supplementary safeguards.
You can request a copy of relevant transfer safeguards via the contact details above.
7. Retention
We keep data only as long as needed:
- Client/project files: duration of contract + 6 years (statutory limitation / tax).
- Prospects & marketing: until you opt-out or after 24 months of inactivity.
- Support logs: up to 12 months unless incident-related.
- CVs/freelancer records: up to 24 months (or longer if engaged).
- Cookies: see section 4 above.
- Analytics data: 26 months (Google Analytics default).
We then delete or irreversibly anonymise data.
8. Your rights
Under the EU/UK GDPR you have the right to access, rectify, erase, restrict, port, and object to certain processing, and to withdraw consent at any time (without affecting prior processing). You also have the right not to be subject to a decision based solely on automated processing where applicable.
To exercise rights: email [email protected] or [email protected]. We may need to verify your identity.
Complaints:
- Ireland: Data Protection Commission, www.dataprotection.ie
- UK: Information Commissioner's Office (ICO), www.ico.org.uk
We'd appreciate the chance to resolve your concern first.
9. Security
We use administrative, technical and physical safeguards appropriate to risk: least-privilege access, encryption in transit (HTTPS/TLS), secure hosting, logging/monitoring, vendor review, and incident response. No system is 100% secure; if a breach is likely to risk your rights, we will notify you and regulators as required.
Security measures include:
- SSL/TLS encryption for all data in transit
- Secure cloud hosting with automated backups
- Regular security updates and patches
- Access controls and authentication
- Regular security audits and monitoring
10. Acting as a processor (client data)
If we host, process or store personal data on your behalf (e.g., in a SaaS or managed environment), we will only process it under your instructions and our Data Processing Agreement (DPA). You, as controller, are responsible for providing a lawful basis, notices to your users, and handling data-subject requests; we will assist per the DPA.
11. Third-party links
Our Website may contain links to third-party websites (e.g., social media profiles, client websites, calendar booking tools). We are not responsible for the privacy practices of these external sites. Please review their privacy policies before providing any personal data.
External services we link to:
- Google Calendar (for consultation bookings)
- LinkedIn, Instagram, Facebook, X/Twitter (social media profiles)
12. Changes
We may update this Policy from time to time. We'll post updates here and adjust the Effective date. Significant changes will be notified on the Website or by email if appropriate.
13. Contact
Questions or requests about this Policy:
- Email: [email protected]
- Email: [email protected]
- Postal: Vent Neuf Limited, The Black Church, St. Mary's Place, Dublin 7, D07 P4AX, Ireland
Last updated: 14 November 2025