Privacy policy

1 · data controller

Within the meaning of article 4 of Law No. 2008-12, the controller for the data collected via www.sylamtechgroup.com is:

• Sylamtech.GROUP SAS (group holding company)
• Registered office: 2nd floor Building B, Résidence DABA, CICES Foire — Dakar, Senegal
• Phone: +221 33 867 37 03
• Email: sales@sylamtechgroup.com

The website is declared with the Personal Data Protection Commission (CDP) of Senegal, in accordance with article 18 of Law No. 2008-12.

2 · Data Protection Officer (DPO)

In accordance with article 33 of Law No. 2008-12, you may exercise your rights or raise any question regarding your data with our dedicated point of contact:

• Email: dpo@sylamtechgroup.com
• Post: Sylamtech.GROUP — Data Protection Officer — 2nd floor Building B, Résidence DABA, CICES Foire, Dakar, Senegal

3 · data collected

In accordance with the data minimization principle (article 35 of Law No. 2008-12), we collect only the data that is strictly necessary for the purpose pursued:

• Quote form: first name, last name, business email, phone, company, project country, sector, area of expertise, description of need
• Newsletter: email only (other data optional)
• White paper downloads: first name, email, company, white paper title
• Careers application: first name, last name, email, phone, position sought, country, experience, CV, cover letter (optional), message
• Navigation: IP address, browser type, pages visited, visit duration (via analytics cookies, only with explicit consent)

No sensitive data (origin, religion, political opinions, health, sex life, etc.) is collected — its processing is strictly prohibited by article 40 of Law No. 2008-12 without express authorization from the CDP.

4 · purposes and legal bases

Purpose	Legal basis (art. 33 Law No. 2008-12)
Respond to your quote / contact request	Pre-contractual measures
Review your application for a position	Pre-contractual measures (employment)
Send our monthly newsletter	Explicit consent
Measure website audience (analytics cookies)	Explicit consent
Commercial follow-up of active clients	Performance of contract
Accounting and tax obligations	Legal obligation
Website security, fraud prevention	Legitimate interest

5 · retention period

In accordance with article 35 of Law No. 2008-12, your data is retained for no longer than is necessary for the purposes of the processing:

• Prospects with no follow-up: 3 years from the last contact
• Active clients: duration of the contractual relationship + 10 years (Senegalese and OHADA accounting obligations)
• Applications: 24 months maximum (unless the candidate expressly waives this or is actually recruited)
• Newsletter: until consent is withdrawn (unsubscribe link in every email)
• Analytics cookies: 13 months maximum
• Server logs: 12 months (article 12 of Law No. 2008-08 on electronic transactions)

6 · recipients

Your data is accessible only to authorized personnel:

• Sales team of the group and of the relevant subsidiary (SN, CI, ML, BF, TG depending on your country)
• Pre-sales technical team for expertise files
• Human Resources team for applications (rh@sylamtechgroup.com)
• Marketing team for the newsletter, subject to consent
• Our technical sub-processors bound by contract (confidentiality clause, compliance)

Your data is never transferred or resold to third parties for commercial purposes, in accordance with article 47 of Law No. 2008-12.

7 · sub-processors

We rely on the following sub-processors, each bound by a data processing agreement compliant with articles 50 to 54 of Law No. 2008-12:

• Hostinger International Ltd. (Cyprus, European Union) — website hosting and server logs
• Brevo SAS (France) — sending of transactional emails, newsletter and contact database management
• Google LLC (United States) — Google Analytics 4 and Google Tag Manager (subject to consent only)
• Meta Platforms, Inc. (United States) — Meta Pixel for advertising measurement (subject to consent only)

8 · transfers outside Senegal

In accordance with articles 49 to 54 of Law No. 2008-12 and CDP deliberation No. 2017-0001 on international transfers, transfers to the United States (Google, Meta) are governed by the European Commission's Standard Contractual Clauses (SCCs), a mechanism recognized as equivalent by the CDP. Our hosting provider Hostinger is based in the European Union (Cyprus), a territory recognized as providing an adequate level of protection. No transfer takes place to a country that does not offer sufficient safeguards.

9 · your rights (art. 58 to 68 Law No. 2008-12)

Law No. 2008-12 grants you the following rights, which you may exercise at any time:

• Right to information (art. 58) — you know which data is collected, why, and for how long
• Right of access (art. 62) — obtain a copy of all your data held by Sylamtech.GROUP
• Right to rectification (art. 63) — correct any inaccurate or incomplete data
• Right to object (art. 68) — object to the processing on legitimate grounds
• Right to erasure / "right to be forgotten" — request the deletion of your data when its retention is no longer necessary
• Right to data portability — receive your data in a structured format (CSV, JSON)
• Right to withdraw consent — for the newsletter or cookies, without justification
• Right to lodge a complaint with the CDP

How to exercise your rights?

• Send your request to dpo@sylamtechgroup.com specifying the subject and attaching a proof of identity (national ID card, passport or residence permit) — required by article 64 to verify your identity
• We acknowledge receipt within 48 business hours
• We respond within one month in line with the practice recommended by the CDP (extendable to 3 months for complex requests)
• Exercising your rights is free of charge

10 · supervisory authorities

You may at any time lodge a complaint with the competent supervisory authority:

• Senegal — lead authority: Personal Data Protection Commission (CDP) — Building Maginot, 2nd floor, Avenue Léopold Sédar Senghor, Dakar · cdp.sn · contact@cdp.sn
• Ivory Coast (Sylamtech.CI subsidiary): Telecommunications/ICT Regulatory Authority (ARTCI) — artci.ci
• Mali (Sylamtech.ML subsidiary): Personal Data Protection Authority (APDP) — apdp.ml
• Burkina Faso (Sylamtech.BF subsidiary): Information Technology and Liberties Commission (CIL) — cil.bf
• Togo (Sylamtech.TG subsidiary): Personal Data Protection Authority (IPDCP)

11 · cookie policy

In accordance with CDP deliberation No. 2020-244 on cookies and trackers, you may accept, refuse or configure cookies at any time via the banner that appears at the bottom of the page (to reopen: manage cookies). Your choice is stored for 13 months.

cookies used

12 · data security

In accordance with article 71 of Law No. 2008-12, we implement appropriate technical and organizational measures: HTTPS/TLS 1.3 encryption, strong authentication for administrator access, profile-based access control, logging, encrypted backups with restore testing, server hardening, semi-annual security audits and continuous staff training. In the event of a data breach likely to result in a risk to your rights and freedoms, we will notify the CDP and the data subjects without undue delay.

13 · sanctions

For your information, breaches of Law No. 2008-12 expose the offender to administrative sanctions imposed by the CDP (warning, formal notice, financial penalty of up to 100 million FCFA) as well as criminal sanctions (up to 7 years' imprisonment and a 20 million FCFA fine, articles 431-1 et seq. of the Senegalese Penal Code). Sylamtech.GROUP undertakes to fully comply with these obligations.

14 · updates

This policy may evolve to reflect regulatory or operational changes. The date of the latest update appears at the top of the page. Any material change will be notified to you by email if you are subscribed to the newsletter or are an active client.

cookie policy

Our website uses cookies to function, measure its audience and improve your experience. You may configure your preferences at any time via the banner that appears at the bottom of the page (click here to reopen: manage cookies).

cookies used

security

We implement appropriate technical and organizational measures to protect your data: HTTPS encryption, strong authentication, access control, logging, encrypted backups, regular audits and continuous staff training.

updates

This policy may be updated. The date of the latest update appears at the top of this page. For any material change, we will notify you by email if you are subscribed to our newsletter.

15 · contact

For any question regarding this policy or your personal data:

• DPO: dpo@sylamtechgroup.com
• General contact: sales@sylamtechgroup.com
• Recruitment: rh@sylamtechgroup.com
• Post: Sylamtech.GROUP — DPO — 2nd floor Building B, Résidence DABA, CICES Foire, Dakar, Senegal

Reference text: Law No. 2008-12 of January 25, 2008 on the protection of personal data in Senegal, and implementation decree No. 2008-721 of June 30, 2008. cdp.sn