Website privacy policy

Personal data - Website management

Activities relating to the website involve the processing of personal data.

What does the privacy policy cover?

The present policy informs you of the characteristics of this processing and of your rights regarding your personal data.

This privacy policy has been drafted in accordance with the French Data Protection Act n°78-17 of January 6, 1978 (known as the "Loi informatique et libertés" or "LIL") and the General Regulation on the Protection of Personal Data ("RGDP") n°2016/679.

Who is responsible for this policy?

The data controller is LC TRUFFES, represented by its legal representative Christine Laroussi.

The contact details of the data controller are as follows: 500 Route du Ruisset 38360 NOYAREY.

The manager can be reached at: 0476052107

The contact e-mail address is: contact (a)

Who is this policy aimed at?

This policy is intended for users of the site: Internet users browsing the site.

It also covers :

-people to whom we have entrusted technical services (hosting provider, maintenance, site security)

-people who contact us using the site's contact form

Purposes (what data is collected for)

The purpose of the processing is to manage the website.

This treatment allows :

-technical management of the site (maintenance, hosting, site security)

-managing inquiries via the contact form

Legal basis for processing: what gives us the right to process data

The legal bases for processing are as follows:

-for technical management of the site (maintenance, hosting, site security), the legal basis is legitimate interest

for the management of requests for information via the contact form, the legal basis is the legitimate interest (to enable online communication) or the execution of pre-contractual measures (production of quotations at the request of individuals)

Data retention period

Data is kept for no longer than is necessary for the purposes for which it was recorded (principle of minimization of processing).

Maximum shelf lives are as follows:

-for technical site management (maintenance, hosting, site security): 12 months for IP addresses and connection logs

-for the management of requests for information via the contact form: 3 years from the date of the request

Processed data

The data controller processes the following categories of data:

Identification data (surname, first name, company name, job title, telephone, e-mail, address)

-Content of the message on the contact form

Whether data collection is mandatory or optional

The data collected is mandatory for the purposes of processing.

Data sources

The data is transmitted directly by the data subject.

Data recipients

The personal data collected is reserved for the use of the data controller. No personal data is transferred by the data controller to third parties except when necessary.

What safety measures are in place?

The data controller implements appropriate technical and organizational measures to guarantee a level of security appropriate to the risk.

The controller shall take steps to ensure that any natural person acting under the authority of the controller or the processor, who has access to personal data, does not process them unless instructed to do so by the controller, unless obliged to do so.

Whether or not data is transferred to a country outside the European Union, and associated guarantees

In principle, the data controller does not transfer personal data outside the European Union.

If transfers are made, the data controller undertakes to ensure that these transfers are carried out :

-to countries offering an adequate level of protection as defined by the European data protection authorities, or

-with appropriate safeguards pursuant to Article 46 of the RGDP or

-in compliance with Article 49 of the RGPD.

Automated decision-making

The processing does not involve fully automated decision-making.

Fate of personal data after death - Right of access, rectification, deletion and portability of data

The person concerned by a processing operation can define directives concerning the conservation, deletion and communication of his or her personal data after his or her death. These directives may be general or specific.

Data subjects also have the right to access, object to, rectify, delete and, under certain conditions, port their personal data. The data subject has the right to withdraw consent at any time if consent is the legal basis for processing.

The request must indicate the first and last name, e-mail or postal address of the person concerned, and must be signed and accompanied by valid proof of identity.

To exercise these rights, please contact Christine Laroussi.

The manager can be reached at 0476052107.

The contact e-mail address is: contact (a)


The person concerned by a processing operation has the right to lodge a complaint with the supervisory authority (CNIL):