Website Privacy Policy

Personal data - Website management

The activities related to the website www.lc-truffes.com entail the processing of personal data.

What is the privacy policy about?

This policy informs you of the characteristics of this processing and of your rights regarding your personal data.

This privacy policy is written in accordance with the French law n°78-17 of January 6, 1978 (known as "Loi informatique et libertés" or "LIL") and the General Regulation on the Protection of Personal Data ("RGDP") n°2016/679.

Who is responsible for this policy?

The person in charge of processing is the company LC TRUFFES, represented by its legal representative Christine Laroussi.

The coordinates of the person in charge of processing are as follows: 500 Route du Ruisset 38360 NOYAREY.

The person in charge can be reached at the following number: 0476052107

The contact email address is: contact (a) lc-truffes.com

Who is this policy for?

This policy is intended for the users of the site: the Internet users who browse the site.

It also concerns :

-the people to whom we have entrusted technical services (hosting provider, maintenance, site security)

-people who contact us through the contact form on the site

Purposes (what the data is collected for)

The purpose of the processing is to manage the website.

This treatment allows:

-technical management of the site (maintenance, hosting, site security)

-management of inquiries through the contact form

Legal basis for processing: what gives us the right to process the data

The legal bases for the processing are as follows:

-for the technical management of the site (maintenance, hosting, site security), the legal basis is the legitimate interest

for the management of requests for information through the contact form, the legal basis is the legitimate interest (to allow online communication) or the execution of pre-contractual measures (realization of estimates at the request of the persons)

Duration of data retention

The data being processed are kept for a period not exceeding that necessary for the purposes for which they are recorded (principle of minimization of processing).

The maximum retention periods are as follows:

-for the technical management of the site (maintenance, hosting, site security): 12 months for IP addresses and connection logs

-for the management of information requests via the contact form: 3 years from the date of the request

Processed data

The data controller processes the following categories of data:

Identification data (name, first name, company name, position, telephone, e-mail, address)

-Content of the message on the contact form

Mandatory or optional nature of data collection

The data collected is mandatory in order to achieve the purposes of the treatment.

Data sources

The data is transmitted directly by the data subject.

The recipients of the data

The personal data collected are reserved for the use of the data controller. No personal data is transferred by the data controller to recipients except where necessary.

What security measures are in place?

The data controller implements appropriate technical and organizational measures to ensure a level of security appropriate to the risk.

The controller shall take measures to ensure that any natural person acting under the authority of the controller or under that of the processor, who has access to personal data, shall not process them unless instructed to do so by the controller.

The existence or not of a transfer of data to a country outside the European Union and associated guarantees

The data controller does not transfer personal data outside the European Union.

If transfers are made, the data controller undertakes to ensure that such transfers are made:

-to countries with an adequate level of protection as defined by the European Data Protection Authorities or

-with appropriate safeguards in accordance with Article 46 of the GDPR, or

-in compliance with Article 49 of the RGPD.

Automated decision making

The processing does not involve fully automated decision making.

Fate of personal data after death - Right of access, rectification, deletion and portability of data

The person concerned by a processing operation can define directives concerning the conservation, erasure and communication of his/her personal data after his/her death. These directives can be general or specific.

The data subject also has the right to access, object to, rectify, delete and, under certain conditions, port his or her personal data. The data subject has the right to withdraw consent at any time if consent is the legal basis for the processing.

The request must indicate the name and surname, e-mail or postal address of the person concerned, and be signed and accompanied by a valid proof of identity.

She can exercise these rights by contacting Christine Laroussi.

The person in charge can be reached at the following number: 0476052107.

The contact email address is: contact (a) lc-truffes.com

Claim

The person concerned by a processing operation has the right to lodge a complaint with the supervisory authority (CNIL): https://www.cnil.fr/fr/webform/adresser-une-plainte