Back to home

Privacy Policy

This policy explains how FAC CONSULTING S.A.R.L. collects, uses, stores and protects personal data processed through the FAC Project platform.

Last updated: 30 juin 2026

1Data controller

FAC Project is a digital solution published and operated by:

FAC CONSULTING S.A.R.L.

Kinshasa, Democratic Republic of the Congo

Trade register: CD/KNM/RCCM/25-B-01840

Tax ID: A2560131N

Website: www.facconsulting.org

Contact: service@facconsulting.org

2Scope of application

This policy applies to visitors of the FAC Project website, to customer organisations, their administrators, employees, contributors and any person whose data is processed through the platform.

It also applies to exchanges with our sales department, technical support and customer service.

3Allocation of responsibilities

FAC CONSULTING acts as data controller for data necessary for account creation, subscription management, security, support and the general administration of FAC Project.

For data introduced into FAC Project by an organisation, notably data relating to its clients, employees, suppliers, subcontractors, projects, contracts, expenses and internal operations, the organisation concerned remains the data controller.

In this second case, FAC CONSULTING mainly acts as a technical service provider or processor and processes data in accordance with the customer organisation's instructions, the applicable contract and the legislation in force.

4Data that may be collected

Depending on your use of the service, we may process the following categories of data:

  • identification data: surname, given name, role, function and profile picture;
  • professional contact details: email address, phone number, professional address and company;
  • account data: identifier, role, permissions, account status and preferences;
  • authentication data, notably the password kept in a secure or hashed form when local authentication is used;
  • information relating to the organisation, worksites and authorised users;
  • data relating to clients, suppliers, subcontractors and contacts registered by the organisation;
  • information relating to projects, contracts, tasks, daily reports, inspections, non-conformities and risks;
  • amounts, payment methods, references and statuses of operations recorded in the application;
  • documents, files, photos or content uploaded in the context of projects and worksites;
  • technical data: IP address, browser, device, operating system, date and time of connection;
  • activity logs, connection histories, operations performed and security events;
  • support requests, messages, attachments and exchanges with FAC CONSULTING.

FAC Project is not designed to collect sensitive data without necessity. Users must not store sensitive or legally protected data when it is not essential to their activity and authorised by law.

5Sources of data

Data may be obtained:

  • directly from the user;
  • from the organisation's administrator who creates or manages its employees' accounts;
  • during the use of FAC Project and its features;
  • through files and content imported into the application;
  • from third-party services connected to FAC Project at the organisation's request.

6Purposes of processing

Data is notably processed in order to:

  • create, authenticate and administer accounts;
  • provide FAC Project features;
  • manage organisations, worksites, users, roles and permissions;
  • track projects, worksites, tasks, daily reports, budgets, expenses and quality;
  • perform contracts and manage subscriptions;
  • respond to support requests;
  • prevent fraud, unauthorised access, abuse and security incidents;
  • monitor service availability, performance and stability;
  • improve features and user experience;
  • comply with our legal and regulatory obligations;
  • establish, exercise or defend the rights of FAC CONSULTING or its customers.

7Legal bases for processing

Depending on the nature of the data and the processing, FAC CONSULTING relies notably on:

  • performance of the contract concluded with the customer organisation;
  • the data subject's consent where required;
  • compliance with a legal or regulatory obligation;
  • protection of the platform, users and IT systems;
  • FAC CONSULTING's legitimate interest in administering, securing and improving its services, within the limits authorised by law.

8Access to data

Data is accessible only to persons who need it to carry out their duties, notably:

  • authorised users of the organisation concerned, according to their roles and permissions;
  • authorised FAC CONSULTING staff in charge of administration, security or support;
  • technical service providers necessary for hosting, backups, communication sending or service operation;
  • competent authorities when disclosure is required by law or a legally applicable decision.

FAC CONSULTING does not sell the personal data processed through FAC Project.

9Service providers and processors

FAC CONSULTING may use specialised providers for hosting, maintenance, backups, technical monitoring, sending emails or other functions essential to the service.

These providers receive only the data necessary for their missions. They are required to protect it and not use it for their own purposes, subject to their legal obligations.

10Hosting and data transfers

Data may be hosted or technically processed on infrastructure located in the Democratic Republic of the Congo or in other countries, depending on the providers used to deliver FAC Project.

When international processing or transfer is necessary, FAC CONSULTING implements the appropriate contractual, organisational and technical measures and complies with the requirements of the applicable legislation.

The customer organisation may contact FAC CONSULTING for additional information on the main hosting locations and categories of providers involved.

11Retention period

Data is retained for a period proportionate to its purpose:

  • account and operational data is retained for the duration of use of the service;
  • contractual, accounting and billing data is retained for the period required by law;
  • technical and security logs are retained for the period necessary for incident prevention and service protection;
  • support requests are retained for the period necessary to process and follow up the request;
  • backups are gradually deleted or overwritten according to their technical rotation cycle.

After the final closure of an account or the end of the contract, data is deleted, anonymised or returned within a reasonable period, unless longer retention is required by law, necessary for security or useful for the defence of a right.

12Data security

FAC CONSULTING implements technical and organisational measures proportionate to the risks, notably:

  • access control by accounts, roles and permissions;
  • protection of network communications;
  • securing authentication data;
  • logging of important actions and events;
  • periodic backups where applicable;
  • maintenance and vulnerability remediation procedures;
  • limitation of administrative access to authorised persons only.

However, no IT system can guarantee absolute security. Each user must protect their credentials, use a strong password and immediately report any suspicious activity.

13Incidents and data breaches

In the event of an incident likely to affect personal data, FAC CONSULTING takes the reasonable measures necessary to limit the consequences, restore security and inform the organisations, persons or authorities concerned where required by law.

The customer organisation undertakes to cooperate with FAC CONSULTING when an incident concerns data it has recorded in FAC Project.

14Rights of data subjects

Subject to the conditions and exceptions provided by law, any data subject may request:

  • confirmation that processing is or is not being carried out;
  • access to their personal data;
  • rectification of inaccurate or incomplete data;
  • deletion or erasure of data where the conditions are met;
  • restriction of certain processing;
  • objection to processing, where this right exists;
  • withdrawal of consent for processing based on it;
  • communication or recovery of their data in a reasonably usable format, where applicable;
  • information on the recipients or categories of recipients of the data.

When a request concerns data introduced into FAC Project by an organisation, it must be addressed in priority to that organisation. FAC CONSULTING may assist it in handling the request.

Identity verification may be requested to prevent disclosure or deletion of data to the benefit of an unauthorised person.

15Customer organisation responsibilities

Each organisation using FAC Project is responsible for the lawfulness, accuracy and relevance of the data it collects or introduces into the platform.

It must notably:

  • inform its customers, employees, suppliers and other data subjects;
  • have a legal basis to collect and use their data;
  • limit data collected to what is necessary for its activity;
  • assign appropriate roles and permissions to its users;
  • delete or correct data when it is no longer needed or becomes inaccurate;
  • not use FAC Project to unlawfully process sensitive or confidential data.

16Cookies and local storage

FAC Project may use cookies or equivalent technologies necessary for authentication, security, session maintenance, memorising the active site, display preferences and the proper functioning of the platform.

Non-essential audience measurement or analytics tools will only be used in accordance with the applicable legal requirements and, where required, with the user's consent.

Blocking certain essential cookies may prevent login or the proper functioning of some features.

17Use by minors

FAC Project is intended for professional use by organisations and their authorised users. The service is not directly intended for minors.

An organisation that processes data relating to a minor must hold the authorisations and guarantees required by law.

18Third-party links and services

FAC Project may contain links or integrations to services operated by third parties. These services have their own terms and privacy policies.

FAC CONSULTING is not responsible for the practices of these third parties when data is processed directly under their own responsibility.

19Modification of the policy

This policy may be modified to reflect the evolution of FAC Project, our practices, our providers or legislation.

In the event of a significant modification, information may be published in the application, on the website or transmitted to the administrators of the organisations concerned.

The date indicated at the top of this page corresponds to the latest published version.

20Governing law and contact

This policy is governed by the laws applicable in the Democratic Republic of the Congo, notably the provisions relating to the protection of privacy, personal data and digital services.

Any request relating to data protection may be sent to:

FAC CONSULTING S.A.R.L. — Data Protection

Email: service@facconsulting.org

Kinshasa, Democratic Republic of the Congo

Any request relating to data protection may be sent to:

FAC Project service — FAC CONSULTING S.A.R.L. — Data Protection

Email: service@facconsulting.org

Kinshasa, Democratic Republic of the Congo