Mandatory Shield Company SRL — compliant with the GDPR (EU 2016/679)
Mandatory Shield Company SRL
Registered office: Brussels, Belgium (European Union)
BCE company number: pending (company in formation)
VAT number: pending
Email: contact@mandatoryshield.com
Website: www.mandatoryshield.com
| Data category | Data concerned | Purpose | Legal basis |
|---|---|---|---|
| Identification data | First name, last name, company name | Client relationship management, contract and invoice issuance | Contract performance (Art. 6.1.b GDPR) |
| Contact data | Professional email address, phone number | Commercial communication, support, regulatory notifications | Legitimate interest (Art. 6.1.f GDPR) |
| Browsing data | IP address, pages visited, session duration, browser | Audience analytics, site improvement, security | Consent (Art. 6.1.a GDPR) via cookie banner |
| Contact form data | Message, expressed interest, company | Processing commercial and support requests | Pre-contractual measures (Art. 6.1.b GDPR) |
ADSecure Report™ does not collect, store or process the personal data of end users present in the directory (names, email addresses, etc.). The tool analyses aggregated security attributes (accounts with excessive privileges, password policies, delegations…) without ever extracting or logging individual nominative identifiers.
The generated reports (HTML files) remain entirely within the client's IT environment. Mandatory Shield Company has no access to their content, unless the client voluntarily transmits them as part of a technical support request.
During on-site interventions, Mandatory Shield Company consultants may temporarily view AD configuration settings on screen. This information is covered by the non-disclosure agreement (NDA) systematically signed before any intervention, and is not subject to any extraction, copying or external retention.
| Category | Period | Basis |
|---|---|---|
| Active client data (contracts, licences) | Duration of contract + 5 years | Belgian contractual limitation period (Art. 2262bis Civil Code) |
| Accounting data and invoices | 7 years | Art. III.86 Belgian Code of Economic Law |
| Prospect data (no purchase) | 3 years from last contact | CNIL / Belgian DPA recommendation |
| Browsing data (analytical cookies) | 13 months maximum | Belgian DPA recommendation |
| Security logs | 12 months | Legitimate interest |
| Job applications (recruitment) | 2 years | Belgian DPA recommendation |
Mandatory Shield Company does not sell or rent your personal data to third parties. Data may be shared with the following categories of sub-processors, bound by processing agreements compliant with Art. 28 GDPR:
Mandatory Shield Company is committed to not transferring your personal data outside the European Economic Area (EEA) without appropriate safeguards. If a transfer were necessary, it would be governed by Standard Contractual Clauses (SCCs) approved by the European Commission or an adequacy decision.
In accordance with the GDPR and the Belgian law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data, you have the following rights:
| Right | Description |
|---|---|
| Right of access (Art. 15 GDPR) | Obtain confirmation of processing and a copy of your data |
| Right to rectification (Art. 16 GDPR) | Have inaccurate or incomplete data corrected |
| Right to erasure (Art. 17 GDPR) | Request deletion of your data under certain conditions |
| Right to restriction (Art. 18 GDPR) | Request temporary suspension of a processing activity |
| Right to portability (Art. 20 GDPR) | Receive your data in a structured, machine-readable format |
| Right to object (Art. 21 GDPR) | Object to processing based on legitimate interest or for direct marketing purposes |
| Withdrawal of consent (Art. 7 GDPR) | Withdraw your consent at any time without retroactive effect |
To exercise your rights: Send your written request to contact@mandatoryshield.com with proof of identity. We will respond within one month (extendable by two months for complex requests).
Right to lodge a complaint: You may lodge a complaint with the Belgian Data Protection Authority (DPA): Rue de la Presse 35, 1000 Brussels — www.dataprotectionauthority.be
Mandatory Shield Company implements appropriate technical and organisational measures to protect your personal data, including:
These cookies are essential for the website to function and cannot be disabled. They do not require your consent.
| Cookie | Duration | Purpose |
|---|---|---|
| session_id | Session | Maintaining the user session |
| csrf_token | Session | Protection against CSRF attacks |
| cookie_consent | 12 months | Remembering your consent choice |
These cookies allow us to measure audience and improve our website. They are only activated after your explicit consent via our cookie banner.
You can manage or withdraw your consent at any time via the cookie settings accessible in the footer.
For any questions regarding this policy or to exercise your rights:
Mandatory Shield Company SRL — Data Protection Officer
Email: contact@mandatoryshield.com
Subject: [GDPR] – Subject of your request
This policy may be updated. Any substantial modification will be communicated in advance by email to active clients. The date of last update appears at the top of this document.
Mandatory Shield Company SRL — Website mandatoryshield.com and ADSecure Report™ platform
These Terms of Use (hereinafter "ToU") govern access to and use of the website www.mandatoryshield.com (hereinafter "the Site") published by Mandatory Shield Company SRL, a company governed by Belgian law with its registered office in Brussels, Belgium, currently being registered with the Crossroads Bank for Enterprises.
These ToU apply to all visitors and users of the Site. They are distinct from the General Terms and Conditions of Sale (GTC) which govern commercial contractual relationships, and from the software licence for ADSecure Report™.
Access to and use of the Site implies full and unconditional acceptance of these ToU. If you do not accept these terms, you must immediately cease using the Site.
In the event of a conflict between these ToU and specific conditions applicable to certain services, the latter shall prevail.
Mandatory Shield Company endeavours to ensure the Site is available 24/7. However, Mandatory Shield Company reserves the right to temporarily interrupt access for maintenance, updates or force majeure, without incurring liability.
Certain services require the creation of a user account. The user undertakes to provide accurate, complete and up-to-date information, to maintain the confidentiality of their credentials and to immediately notify Mandatory Shield Company of any unauthorised access to their account.
Mandatory Shield Company reserves the right to suspend or terminate any account in the event of a violation of these ToU.
The user is responsible for configuring their computer equipment to access the Site. Mandatory Shield Company cannot be held responsible for access problems related to the user's equipment configuration or internet service provider.
All elements of the Site and the ADSecure Report™ platform — including texts, graphics, logos, icons, images, screenshots, source code, scoring algorithms, analysis engines, security rule bases, generated reports, trade names and trademarks — are the exclusive property of Mandatory Shield Company SRL or its licensors.
These elements are protected by Belgian and European intellectual property law, including the Belgian Code of Economic Law (Book XI), Directive 2001/29/EC on copyright in the information society, and Directive 2009/24/EC on the legal protection of computer programs.
A personal, non-exclusive, non-transferable and revocable licence to use the Site is granted to the user solely for the purpose of consulting the Site.
The user undertakes to:
In the event of a violation of these obligations, Mandatory Shield Company reserves the right to immediately suspend access to the Site and services, and to initiate any appropriate legal proceedings.
Information published on the Site is provided for information purposes only. Mandatory Shield Company does not guarantee the accuracy, completeness or currency of information published. Use of Site information is entirely at the user's own risk.
ADSecure Report™ is an audit and decision-support tool. Results provided do not constitute an absolute guarantee of security. Mandatory Shield Company cannot be held liable for security incidents occurring despite use of the software, data loss, business interruption or any indirect damage resulting from the use or inability to use the platform.
Mandatory Shield Company's contractual liability is in all cases limited to the net amount paid by the client under the current contract, in accordance with the GTC.
Mandatory Shield Company cannot be held responsible for any failure to fulfil its obligations resulting from a force majeure event within the meaning of Article 5.225 of the new Belgian Civil Code, including major cyberattacks, internet infrastructure failures, natural disasters or government decisions.
The Site may contain links to third-party websites. These links are provided for information purposes only. Mandatory Shield Company exercises no control over the content of these sites and accepts no liability for their content, privacy policy or practices.
The creation of hyperlinks pointing to the Site is permitted provided that the link does not create confusion about the identity or activities of Mandatory Shield Company and is not used in a context that damages the company's image.
These ToU are governed by Belgian law, excluding its conflict of laws rules, and shall be interpreted accordingly.
In the event of a dispute relating to the interpretation, validity or performance of these ToU, and failing amicable resolution within 30 days of notification of the dispute, the parties confer exclusive jurisdiction on the competent courts of the judicial district of Brussels (Belgium).
For consumers residing in the EU: in accordance with Regulation (EU) No 524/2013, you may use the Online Dispute Resolution (ODR) platform: https://ec.europa.eu/consumers/odr. Mandatory Shield Company provides services exclusively to professionals (B2B).
Mandatory Shield Company reserves the right to modify these ToU at any time. Modifications take effect upon publication on the Site. Users with an account will be notified by email of any substantial modification at least 30 days before it takes effect.
Continued use of the Site after modification of the ToU constitutes acceptance of the new terms.
Mandatory Shield Company SRL — Exclusively B2B sales — Belgian law applicable
Mandatory Shield Company SRL
Registered office: Brussels, Belgium (European Union)
BCE number: pending | VAT: pending
Commercial email: contact@mandatoryshield.com
These General Terms and Conditions of Sale (hereinafter "GTC") apply exclusively to sales and service agreements concluded between Mandatory Shield Company SRL (hereinafter "the Provider") and any professional buyer (hereinafter "the Client"), whether a legal entity or a natural person acting in the course of their professional activity.
Any order implies full and unconditional acceptance of these GTC, which prevail over the Client's general purchasing conditions, unless otherwise agreed in writing and signed by a legal representative of Mandatory Shield Company SRL.
The contract is formed through the following steps:
The quotation is valid for 30 calendar days from the date of issue, unless otherwise expressly stated.
| Plan | Main content | Indicative price excl. VAT/year |
|---|---|---|
| ONE-SHOT | Single MSC-led on-site intervention, full scan (286 controls), all 7 reports, SHA-256 validated execution, expert debrief | 2,400 € |
| ESSENTIAL | Everything in One-Shot + trend report, software update access, email support. Target: SME 20–200 users | 6,900 € |
| PROFESSIONAL | Everything in Essential + ShieldConnect (6 SIEM connectors, JSON/CEF), unlimited scans, priority phone + email support, premium updates. Target: ETI 200–800 users | 14,900 € |
Each intervention systematically includes an on-site visit by a Mandatory Shield Company consultant, in accordance with the company's audit philosophy. Travel expenses for interventions outside the Brussels-Capital Region are invoiced according to the rate schedule communicated with the quotation.
All prices are expressed in euros (€), excluding VAT (ex-VAT). The applicable VAT is that in force in Belgium at the legal rate applicable on the invoicing date (currently 21% on B2B IT services in Belgium, subject to the reverse charge mechanism for intra-community VAT-registered entities).
The invoice is issued upon contract or purchase order signature. For One-Shot: 10% deposit on signing, 50% on delivery of first reports, 50% on delivery of final reports. For annual subscriptions (Essential / Professional): billed quarterly. No pro-rata refund applies in the event of early termination, unless otherwise expressly stipulated in the contract.
Prices may be revised annually, at the earliest at contract expiry, with 60 days' written notice. The revision is capped at the Belgian consumer price index (CPI) published by Statbel for the previous year, unless there is a substantial evolution of the product.
Payment deadline: Invoices are payable within 30 days net end of month from the date of issue, by bank transfer to the account of Mandatory Shield Company SRL, details of which appear on the invoice.
Late payment: In accordance with the Belgian law of 2 August 2002 on combating late payment in commercial transactions (transposing Directive 2011/7/EU), any late payment automatically and without prior formal notice entails:
Retention of title clause: The ADSecure Report™ software and licences granted remain the exclusive property of Mandatory Shield Company SRL until full payment of all amounts due.
After receipt of payment and contract signature, the on-site intervention is scheduled within 5 to 10 business days depending on the Client's location and consultant availability.
The Client undertakes to:
In the event of inaccessibility attributable to the Client (absence of contact, unprepared environment), the travel expenses for the lost day will be invoiced to the Client at €500 ex-VAT.
Mandatory Shield Company grants the Client, for the duration of the contract, a non-exclusive, non-transferable licence to use the software, limited to the Active Directory domains of the Client designated in the contract.
Permitted uses: Running the software on the Client's systems, generating audit reports for internal use and presentation to external auditors in the context of compliance procedures.
Prohibited uses:
Duration: Contracts are concluded for an initial period of one (1) year from the date of signature.
Renewal: Upon expiry, the contract is tacitly renewed for successive one-year periods, unless notice of non-renewal is sent by registered letter or email with acknowledgement of receipt at least 30 days before the expiry date.
Termination for breach: Either party may terminate the contract by operation of law, after a formal notice by registered letter remaining without effect for 15 days, in the event of a serious breach by the other party of its contractual obligations.
Effects of termination: At the date of termination, the Client's access rights and licences are immediately revoked. No refund is due for the period already invoiced.
Mandatory Shield Company warrants that ADSecure Report™ will function in accordance with its documentation for the technical environments described in the prerequisites. In the event of a proven malfunction, Mandatory Shield Company undertakes to provide a fix or workaround within a reasonable timeframe.
| Plan | Channel | Guaranteed response time | Hours |
|---|---|---|---|
| Essential | Email only | 48 business hours | Mon–Fri 9am–6pm CET |
| Professional | Email + Phone | 24 business hours | Mon–Fri 9am–6pm CET |
Corrective updates and new security rules integrated into ADSecure Report™ are included in the subscription. Major new features may be subject to a price upgrade communicated with 60 days' notice.
ADSecure Report™ is an audit and decision-support tool. It does not replace a security audit certified by an accredited body, nor the Client's legal obligations in terms of cybersecurity.
Mandatory Shield Company's liability may only be engaged for direct, foreseeable and proven damage resulting from a proven fault in the performance of its contractual obligations.
Under no circumstances can Mandatory Shield Company be held liable for:
Liability cap: The total and cumulative liability of Mandatory Shield Company under this contract is limited to the net amount actually received by Mandatory Shield Company under the current contract year.
The parties mutually undertake to treat as confidential all information exchanged in the context of the contract, including the Client's Active Directory technical infrastructure data, audit results and generated reports.
A non-disclosure agreement (NDA) is systematically proposed and signed before any on-site intervention. In the event of a conflict, the provisions of the signed NDA prevail over these GTC.
These confidentiality obligations survive the expiry or termination of the contract for a period of 5 years.
These GTC are governed by Belgian law. In the event of a dispute, the parties will endeavour to find an amicable solution within 30 days. Failing that, the dispute will be submitted to the exclusive jurisdiction of the courts of the judicial district of Brussels.
The parties expressly waive the application of the United Nations Convention on Contracts for the International Sale of Goods (CISG) to their contractual relationship.
Pursuant to Article XII.7 of the Belgian Code of Economic Law and applicable European law
Mandatory Shield Company SRL
Legal form: Private Limited Company (SRL/BV) under Belgian law
Registered office: Brussels, Belgium (European Union)
BCE company number: pending (company in formation)
Intra-community VAT number: pending
Capital: being determined upon incorporation
Co-founders and directors:
Pierre-Antoine Rouhaud — Co-founder & CEO
Raphaël Berki — Co-founder & CTO
Contact: contact@mandatoryshield.com
Website: www.mandatoryshield.com
Scaleway SAS
Subsidiary of the Iliad group
8 rue de la Ville l'Évêque — 75008 Paris, France
RCS Paris: 433 115 904
Website: www.scaleway.com
Infrastructure hosted within the European Union (France)
All content on this site — texts, graphics, logos, icons, images, audio or video clips, digital downloads, data compilations, software — is the property of Mandatory Shield Company SRL or its licensors and is protected by Belgian and international intellectual property law.
The trademark ADSecure Report™, the Mandatory Shield logo and all trade names used on this site are registered or pending trademarks. Any unauthorised reproduction or representation constitutes an infringement sanctioned by the Belgian Code of Economic Law (Book XI) and applicable European texts.
Publication director: Pierre-Antoine Rouhaud, Co-founder & CEO of Mandatory Shield Company SRL.
Mandatory Shield Company SRL endeavours to ensure the accuracy and currency of information published on this site. However, it cannot guarantee the accuracy, precision or completeness of information made available on this site. Accordingly, Mandatory Shield Company accepts no liability for any inaccuracy, imprecision or omission relating to information available on this site.
The processing of personal data collected via this site is carried out in accordance with Regulation (EU) 2016/679 of 27 April 2016 (GDPR) and the Belgian law of 30 July 2018 on the protection of natural persons with regard to the processing of personal data.
Data controller: Mandatory Shield Company SRL, contact@mandatoryshield.com.
For any questions regarding the protection of your data or to exercise your rights (access, rectification, erasure, portability, objection), please consult our or contact us at contact@mandatoryshield.com.
Supervisory authority: Belgian Data Protection Authority (DPA) — Rue de la Presse 35, 1000 Brussels — www.dataprotectionauthority.be
This site uses cookies. For detailed information on the cookies used, their purpose and how to manage your preferences, please consult our , section 9 (Cookies).
This site and its content are subject to Belgian law. In the event of a dispute concerning the use of the site, the competent courts of the judicial district of Brussels (Belgium) shall have exclusive jurisdiction.
| Register / Body | Number / Status |
|---|---|
| Crossroads Bank for Enterprises (BCE) | Pending — company in formation |
| Belgian VAT number | Pending |
| Business court | Brussels (jurisdiction) |
| ADSecure Report™ trademark | EUIPO filing in progress |
| Professional liability insurance | Being arranged — prior to any commercial contract |
Website design and development: Mandatory Shield Company SRL — Internal team.
Icons: Lucide Icons (MIT licence).
Typefaces: Segoe UI / System UI (system licences).