At WeTransform we are committed to protecting your personal data and your privacy. We follow strict security procedures, both physical and electronic, regarding the storage and disclosure of the personal data you have entrusted to us to prevent unauthorized access.

We do not sell information about you in any way.

We systematically encrypt the confidential data you transmit to us using an SSL (Secure Sockets Layer) protocol with an encryption key length of 256 bits (the highest level currently available on the market), approved by the company Verisign. Your banking or credit card information does not pass through WeTransform and is transferred directly to our banking partner.

In accordance with the law known as “information technology and freedoms” n°78-17 of January 6, 1978 relating to data processing, files and freedoms, modified by the law of August 6, 2004, you benefit from a right of access and rectification of information concerning you. To exercise these rights, simply access your account with your username and password, and modify the information.

The files in which these personal data are contained have been duly declared to the Commission Nationale de l’Informatique et des Libertés (CNIL).



The personal data of a User is information which makes it possible to identify the User directly or indirectly, within the meaning of Article 2 of Law No. 78-17 of January 6, 1978, relating to the information technology, files and freedoms, known as “Informatique et Libertés” and article 4-1° of European regulation 2016/679 of April 27, 2016 (known as the “general data protection regulation” or GDPR); this regulation specifies that the protection of personal data requires taking “appropriate technical and organizational measures to guarantee a level of security appropriate to the risk”.

Users are required to provide this type of information (surname, first name, email or postal address, user name, passwords, etc.) voluntarily when requesting information online and, where applicable, an order from WeTransform.

Purpose of processing

WeTransform processes personal data transmitted by the User for the following purposes:

(i) Customer management (processing necessary for the performance of the services described in Articles 6, 7 and 8), invoicing and payments, and dispute management (based on WeTransform’s legitimate interest);
(ii) Direct marketing (processing justified on the basis of the legitimate interest of WeTransform). Please note that the contact details of the User's contact person are only intended for this purpose.

In all cases where the processing of personal data is necessary for the performance of the contract, WeTransform will not be able to perform the contract with the User if the latter fails to provide the required information.

The duration of the conversation

The personal data concerned are kept for a period of 10 years following the termination of the contractual relationship with the User.
The person responsible for processing this data can be contacted by email or by registered mail with acknowledgment of receipt at the WeTransform head office.
After the end of the contractual relationship, the User may request the erasure of personal data which are no longer necessary for the purposes for which they were collected or processed.


WeTransform may disclose personal data to the following recipients:

(i) recipients within or connected to the User company;
(ii) third party advisors or service providers of the User;
(iii) public authorities and courts;
(iv) subcontractors acting for WeTransform.

WeTransform processes the personal data concerned within the European Economic Area, India, and the United States, where WeTransform works with subcontractors who process personal data for the performance of the contract. These subcontractors have signed a commitment to respect the GDPR.

The User expressly accepts the transmission of his personal data to the recipients listed above.

The personal data of Users will be kept by WeTransform in a strictly confidential manner and may only be reused for the purposes for which they were collected and for purposes to which the persons concerned have expressly consented, in compliance with the provisions of the Data Protection Act.

For any other use of Users' personal data, for purposes other than this