fenritec.eu privacy policy — score 68/100 (medium risk)
Viimeksi analysoitu
Tämä raportti on yli 28 päivää vanha. Se näyttää viimeksi tallennetun analyysin tälle käytännölle — päivitä hakeaksesi live-sivun uudelleen ja päivittääksesi pistemäärän.
Raportin sisältö (yhteenveto, havainnot, lainaukset) on luotu englanniksi eikä sitä ole lokalisoitu.
Raportin tiedot
medium riskiFenritec generally respects EU privacy rules but lacks clear limits on data use for AI, proactive sub‑processor disclosure and detailed data‑minimisation statements.
The privacy charter outlines EU‑hosted processing, strong security measures and a ban on transfers outside the EU, yet it relies on consent for advertising pixels, provides sub‑processor information only on request, and is silent on AI/model‑training uses, resulting in a mixed compliance profile.
Kategoria-arviointi
Käytännön jakautuminen keskeisille vaatimustenmukaisuusalueille. Hyvä = vahva, kohtalainen = ristiriitainen, heikko = huolestuttava.
The charter says processing is limited to contract purposes but does not specify limits on the categories or amount of data collected.
Detailed clauses are provided, yet sub‑processor lists are only given on request and AI uses are not addressed.
Advertising pixels are used with consent, but the scope of data shared with those third parties is not fully disclosed.
Explicitly bans any transfer outside the EU without client‑authorised safeguards.
No mention of whether personal data are used for training models or how data subjects can opt‑out.
Rights are acknowledged and response times are set, but procedural details and contact points are vague.
Keskeiset havainnot
Huomionarvoiset ehdot, ongelmat tai hyvät käytännöt (kriittiset ensin)
No clause on AI or model‑training use of personal data
The charter is silent on whether personal data may be used for training machine‑learning models or improving services, creating uncertainty about secondary processing.
Advertising pixels rely on consent but lack detailed data‑flow transparency
The charter permits third‑party advertising pixels (e.g., X Ads) activated only after consent, yet it does not specify which personal data are transmitted or retained by those third parties.
Sub‑processor information only provided on request
The policy states "It will provide the Client, upon first request, with the list of subprocessors or joint controllers involved in the Processing" rather than publishing a current list proactively.
Retention periods are only partially disclosed
Specific retention times are given for logs (3 months) and billing info (10 years), but the policy does not cover other data categories, leaving the overall data‑retention framework unclear.
Yhteenveto käyttäjälle
You can expect your data to stay in the EU and be protected, but the company does not clearly tell you if it will reuse your data for AI or give you a full list of all third‑party processors up front.
Vaatimustenmukaisuusasento
mixed
EU-siirrot
good
Havaitut signaalit
Tekstistä tunnistetut erityiset tiedot ja käytännöt
Todisteiden otteet
Suorat lainaukset käytännöstä näiden havaintojen tueksi
Fenritec reserves the right to add other hosting providers to this list provided that the main parent company has its registered office in France or the European Union and is subject to the GDPR.
Unless and until you give your consent, no advertising pixel is installed or triggered.
Fenritec shall not carry out any transfer or Processing of Personal Data outside the European Union
It will provide the Client, upon first request, with the list of subprocessors or joint controllers involved in the Processing.
Puuttuu tai epäselvä
- No explicit statement on whether personal data are used for AI or model training
- No publicly available, up‑to‑date list of all subprocessors
- Limited detail on the exact data categories shared with advertising pixels
Kysyttävät kysymykset
- Can you provide a publicly accessible, regularly updated list of all current subprocessors and their GDPR compliance certifications?
- Do you use any personal data for training AI or machine‑learning models, and if so, what opt‑out mechanisms are offered to data subjects?
- What specific personal data elements are transmitted to the X Ads pixel and other advertising trackers, and can you supply a data‑flow diagram for these third‑party services?
- How do you determine the retention period for each category of personal data beyond the examples of logs and billing information?
- Is the consent obtained for advertising pixels granular (e.g., separate consent for profiling) and can it be withdrawn at any time without affecting the core service?
Jaa tämä analyysi
Kuka tahansa, jolla on tämä linkki, voi nähdä yllä olevan tuloksen.
DentroChatin rakentama
100 % eurooppalainen tekoälychat kaikille
Keskustele tekoälyn kanssa, käsittele tiedostoja, luo kuvia ja hae verkosta. Tiedot pysyvät Euroopassa.