Legal

Privacy Policy

Last updated: 24 April 2026

Whitepeak Law attaches particular importance to the protection of personal data of its clients and visitors, in compliance with the General Data Protection Regulation (GDPR - EU Regulation 2016/679) and the French Data Protection Act of 6 January 1978, as amended.

1. Data Controller

The controller of personal data collected on www.whitepeaklaw.com is:

Whitepeak Law
SELARL (French law firm)
3 Boulevard de Sébastopol - 75001 Paris
contact@whitepeaklaw.fr

2. Data Collected

Whitepeak Law may collect the following categories of data:

  • Identification data: surname, first name, email address, phone number
  • Professional data: position, company, business sector
  • Communication data: content of messages sent via the contact form or by email
  • Browsing data: IP address, cookies, connection logs, pages visited

3. Purposes of Processing

Data is collected for the following purposes:

  • Responding to contact and consultation requests
  • Managing the relationship with prospects and clients of the firm
  • Following up on matters and handling billing
  • Sending professional communications (legal newsletter, regulatory updates) with prior consent
  • Improving website navigation and operation
  • Complying with legal and regulatory obligations applicable to the legal profession

4. Legal Basis

Processing is based on:

  • The consent of the data subject (contact form, newsletter)
  • Performance of the contract (attorney-client relationship)
  • The legitimate interest of the firm (professional outreach, website security)
  • Compliance with legal obligations applicable to the legal profession

5. Recipients of Data

Data is intended exclusively for Whitepeak Law and its technical service providers bound by a confidentiality obligation (hosting provider, CRM tools, email tools).

Whitepeak Law does not sell, rent or transfer data to third parties for commercial purposes.

Where required, data may be disclosed to competent authorities in compliance with a legal or regulatory obligation (AMF, ACPR, TRACFIN, French tax authorities, judicial authorities).

6. International Transfers

Some technical service providers may be located outside the European Union. In such cases, Whitepeak Law ensures that transfers are covered by appropriate safeguards (European Commission standard contractual clauses, adequacy decisions).

7. Retention Period

  • Prospect data (non-clients): 3 years from last contact
  • Client data: duration of contractual relationship + applicable limitation period (5 years for professional liability)
  • Cookies: maximum 13 months
  • Connection logs: 1 year in accordance with applicable French law

8. Your Rights

Under the GDPR, you have the following rights:

  • Right of access to your personal data
  • Right to rectification
  • Right to erasure (right to be forgotten)
  • Right to restriction of processing
  • Right to data portability
  • Right to object
  • Right to withdraw consent at any time
  • Right to set instructions regarding the fate of your data after your death

To exercise these rights, send your request to:
contact@whitepeaklaw.fr
or by post to: Whitepeak Law, 3 Boulevard de Sébastopol, 75001 Paris

Proof of identity may be requested to verify your identity.

You also have the right to lodge a complaint with the French data protection authority (CNIL):
www.cnil.fr - 3 Place de Fontenoy - 75334 Paris Cedex 07

9. Professional Secrecy

As an attorney, Sibylle Diallo-Leblanc is bound by absolute professional secrecy in accordance with Article 66-5 of the French law of 31 December 1971. Confidential communications with clients and prospects are covered by this obligation and benefit from enhanced protection.

10. Security

Whitepeak Law implements technical and organisational measures to ensure the confidentiality, integrity and availability of personal data collected (HTTPS encryption, restricted data access, regular backups).