Privacy notice
This notice describes how TheConnector collects, uses, retains and protects your personal data, and how you can exercise your rights.
Last updated: 2026-04-05
Data controller
TheConnector
[Legal entity — to be filled: e.g. SASU TheConnector]
[Registered address — to be filled]
SIRET: [to be filled]
No DPO appointed (processing not subject to mandatory appointment under Art. 37 GDPR). Any data protection request should be addressed to the controller at the address above.
Purposes and legal bases
Creating and managing the user account, two-factor authentication, session management. Data: first name, last name, email address, hashed password, session history.
Legal basis: performance of contract (Art. 6.1.b GDPR).
Receiving TradingView webhooks, routing orders to MetaTrader 4/5, robot supervision, trading account management. Data: MT4/MT5 account codes, access keys, order execution logs, risk parameters.
Legal basis: performance of contract (Art. 6.1.b GDPR).
Issuing invoices, managing subscriptions, processing payments (Stripe where applicable). Data: identity, amounts, transaction references, invoice history.
Legal basis: legal obligation (Art. 6.1.c GDPR — Art. L.123-22 French Commercial Code) and performance of contract.
Handling technical support requests, ticket management, exchange history. Data: email, message content, any attachments.
Legal basis: performance of contract and legitimate interests (Art. 6.1.b and 6.1.f GDPR).
Detecting unauthorised access, fraud prevention, authentication logs. Data: IP addresses, timestamps, session identifiers.
Legal basis: legitimate interests (Art. 6.1.f GDPR).
Handling requests submitted via the Contact page. Data: name, email address, message, consent timestamp.
Legal basis: consent (Art. 6.1.a GDPR).
Sending informational emails about service updates (new features, offers). Data: email address.
Legal basis: legitimate interests (Art. 6.1.f GDPR) for existing customers; consent (Art. 6.1.a) for others. You may unsubscribe at any time via the link in each email.
Retention periods
For the duration of the contractual relationship.
3 years from the end of the contract (standard civil limitation period — Art. 2224 French Civil Code).
10 years from the end of the financial year (legal obligation — Art. L.123-22 French Commercial Code).
1 year (CNIL recommendation, transposition of Art. 6 Directive 2002/58/EC).
3 years from ticket closure.
3 years from submission.
Duration of the contractual relationship, then 3 years (civil limitation).
Recipients and processors
Access limited to authorised staff for service operation, support and maintenance.
The service is hosted on servers located within the European Union. [Specify hosting provider — e.g. OVH, Hetzner, etc.]
Stripe, Inc. (San Francisco, United States) processes card payments. Payment data is transmitted directly to Stripe and is not stored on our servers. Stripe is bound by the European Commission's Standard Contractual Clauses ensuring an adequate level of protection for transfers outside the EU.
stripe.com/privacy
Transactional emails are sent via a mail server operated directly by TheConnector (Postfix, hosted in the EU). No third-party email provider is currently used.
Your data may be disclosed to competent authorities (judicial, administrative) if we are legally required to do so.
Transfers outside the European Union
Personal data is processed and hosted within the European Union. Only Stripe, Inc. is located in the United States and payment data is transmitted to it during transaction processing.
Stripe relies on Standard Contractual Clauses (SCCs) adopted by the European Commission pursuant to Art. 46.2.c GDPR. Stripe also adheres to the EU-U.S. Data Privacy Framework.
Your rights
You may obtain confirmation that data about you is being processed and request a copy.
You may request the correction of inaccurate or incomplete data about you.
You may request deletion of your data in the cases provided by the GDPR (data no longer necessary, withdrawal of consent, unlawful processing, etc.), unless retention is required by a legal obligation (e.g. invoices).
You may request the suspension of processing of your data in certain situations (contesting accuracy, unlawful processing, etc.).
For data processed on the basis of contract or consent, you may receive your data in a structured, readable format, or request their direct transmission to another controller.
You may object at any time to processing based on legitimate interests (security, support), unless we demonstrate compelling legitimate grounds. You may also object at any time to processing for direct marketing purposes.
Where processing is based on your consent, you may withdraw it at any time. Withdrawal does not affect the lawfulness of prior processing.
Under French law, you may give instructions regarding the retention, deletion and communication of your data after your death.
Send your request by email to winak@orange.fr clearly specifying the right you wish to exercise and attaching a copy of proof of identity. We will respond within one month (which may be extended by two further months if complexity warrants it — Art. 12 GDPR).
Complaint to the supervisory authority
If you believe your rights are not being respected, you have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL), the French supervisory authority:
CNIL — 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07
cnil.fr/fr/plaintes
— Tel: +33 1 53 73 22 22
Before contacting the CNIL, we encourage you to contact us directly so we can resolve the issue amicably.
Cookies and trackers
TheConnector only uses technical cookies essential to the operation of the service: authentication session cookie and anti-CSRF token (cross-site request forgery protection). These cookies cannot be disabled without affecting site functionality. They do not require your consent (Art. 82(3) French Data Protection Act).
No advertising cookies or third-party trackers (Google Analytics, Facebook Pixel, etc.) are placed on this site.
Data security
TheConnector implements appropriate measures to protect your data: encrypted communications (TLS), password hashing, access controls, sensitive event logging, two-factor authentication available. Trading account access keys can be regenerated at any time from the workspace.
In the event of a personal data breach posing a risk to your rights and freedoms, we will notify the CNIL within 72 hours (Art. 33 GDPR) and notify you without undue delay if the risk is high (Art. 34 GDPR).
Changes to this notice
This notice was last updated on 2026-04-05. In case of substantial changes, users with an active account will be notified by email.
This notice is governed by French law and Regulation (EU) 2016/679 (GDPR). In the event of a dispute, French courts have jurisdiction.