1. Introduction
TransformERP.AI (“we”, “us”, “our”) is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you visit our website (transformerp.ai) or use our services.
We are the data controller for the purposes of the EU General Data Protection Regulation (GDPR) and French data protection law. For data subjects in the United Kingdom, references to GDPR in this policy include the UK GDPR as retained in UK law under the Data Protection Act 2018.
[PLACEHOLDER — Legal entity name, registered address Strasbourg, RCS/SIRET, email: privacy@transformerp.ai]
2. What Data We Collect
a) AI Readiness Scorecard
First name, last name, work email, company name, job title, company size, country, preferred language, and assessment responses.
b) Discovery Call (contact form)
First name, last name, work email, job title, phone number, company name, SAP practice size, country, preferred language, optional message, target timeline.
c) Newsletter (The AI Partner Briefing)
First name and work email address.
d) Website browsing
IP address, browser type, device type, pages visited, time spent, referral source, cookie data. See Cookie Policy.
e) Service engagements
Business contact details, company information, billing details, engagement communications.
3. Legal Basis for Processing
| Purpose | Legal Basis (GDPR Art. 6) |
| Responding to enquiry / booking | Legitimate interest (pre-contractual) |
| Delivering purchased services | Performance of a contract |
| Newsletter | Your consent (opt-in) |
| Scorecard assessment | Your consent (form submission) |
| Website analytics | Legitimate interest |
| Non-essential cookies | Your consent (cookie banner) |
| Invoicing and tax records | Legal obligation |
4. How We Use Your Data
- Respond to enquiries and schedule calls
- Deliver Scorecard results and follow-up
- Send The AI Partner Briefing (with consent only)
- Deliver consulting services and manage client relationships
- Process payments and issue invoices
- Improve our website, content, and services
- Comply with legal and regulatory requirements
We do not sell your personal data. We do not share data with third parties for their marketing purposes.
5. Third-Party Processors
| Service | Purpose | Data Processed | Location |
| ConvertKit | Email, forms, newsletter | Name, email, company, tags | USA (EU SCCs) |
| Calendly | Scheduling | Name, email, bookings | USA (EU SCCs) |
| Stripe | Payments, invoicing | Name, email, billing | USA/EU (SCCs) |
| Google Analytics 4 | Analytics | IP (anonymised), browsing | EU (data residency enabled) |
| Google Tag Manager | Tag management | Page views, events | EU |
| Hostinger | Hosting | Server logs, IP | EU (Lithuania) |
| Complianz | Cookie consent | Consent preferences | EU (Netherlands) |
6. Data Retention
| Data Category | Retention |
| Contact form submissions | 24 months from last interaction |
| Newsletter subscribers | Until unsubscribe |
| Scorecard responses | 24 months from submission |
| Client engagement data | Contract + 5 years (tax) |
| Website analytics | 14 months (GA4 default) |
| Invoicing / payment | 10 years (French commercial law) |
7. Your Rights Under GDPR
- Access your personal data (Article 15)
- Rectify inaccurate data (Article 16)
- Erase your data — right to be forgotten (Article 17)
- Restrict processing (Article 18)
- Data portability (Article 20)
- Object to processing based on legitimate interest (Article 21)
- Withdraw consent at any time (Article 7)
Contact: privacy@transformerp.ai — Response within 30 days.
Supervisory authority: You may lodge a complaint with the competent data protection authority in your country of residence. For France: CNIL, 3 Place de Fontenoy, 75334 Paris Cedex 07, www.cnil.fr
Full list of EU/EEA authorities: https://edpb.europa.eu/about-edpb/about-edpb/members_en
8. International Data Transfers
Where data is transferred outside EU/EEA, we ensure safeguards including EU Standard Contractual Clauses (SCCs).
9. Security
We implement appropriate technical and organisational measures including SSL/TLS, access controls, and regular security reviews.
10. Children
Our services are for business professionals. We do not knowingly collect data from anyone under 18.
11. Changes
We may update this policy. The “Last updated” date indicates the most recent revision.
12. Contact
[PLACEHOLDER — Legal entity name, registered address, privacy@transformerp.ai]