Our data privacy policy

In compliance with European Regulation no. 2016/679 (the “GDPR”) on the protection of individuals with regard to the processing of personal data and on the free movement of such data, you will find our Personal Data Protection Policy below.

These data correspond to any information that can be used to identify you directly or indirectly as an individual.

The aim of this Personal Data Protection Policy (hereinafter, referred to as the “Policy”) is to inform you of what data we collect, for what reason and on what basis, and how we use and store it, as well as your rights concerning this data. Please read this Policy carefully so that you understand and are aware of the practices we implement regarding the processing of your personal data.

Please note that this Policy may be modified or added to at any time by us, particularly in order to comply fully with any legislative, regulatory, case law or technological changes. It is therefore advisable that you consult this Policy regularly in order to be aware of any possible changes.

I. Identity of the data controller

The data controller of the personal data is the company EPI INGREDIENTS, a simplified joint stock company, the headquarters of which is found at ZONE INDUSTRIELLE HERMITAGE – 44150 ANCENIS-SAINT-GEREON in France, and registered with the NANTES Register of Companies under the number 408 228 559, represented by Mr Mathieu LUCOT, in his capacity as Marketing Manager.

Telephone number: +33 (0) 251 142 364

Email address :  mlucot@laita.fr

II. Personal data subject to processing

We may collect your personal data in order to provide you with the services we are offering you via our website. These data concern your identity (surname, first name), your professional data (company, professional e-mail address, professional telephone number), and your browsing history on our internet site (IP addresses, login data, cookies).

Some personal data that we process may also come from third-party partners, such as your profile on a social network (Twitter, LinkedIn). Please read Part V below for more information.

III. Various processing operations carried out on these data

We process your personal data in order to perform, supply, and improve the services we offer you.

Data processing is strictly necessary for the following purposes:


We process your personal data to fulfill your requests, especially via the contact form


We process your personal data to fulfill your requests to exercise your rights. Please read Part VI (below) of our Policy to learn more about your rights


We do not sell your personal data. We only share your personal data with our third-party partners under certain, very specific situations. Therefore, we share your personal data when required by law, or we share your personal data with third-party partners (based in the European Union), who provide us with services such as website hosting.  Please read Part V (below) for more information about this subject.


When you visit our website, we collect information (IP address, visit times, etc.), so that we can understand the habits of the persons who are using our site and to improve their experience.

IV. Retention time for these data

Your personal data are kept for as long as necessary to fulfill the reason why they were collected. We also keep personal data for a period of time enabling us to process or respond to complaints or any requests for information.

Your personal data may also be kept for longer in compliance with legal obligations, applicable legal limitation periods or CNIL recommendations, for example:

  • Connection logs: 1 year from the last login
  • Cookies: 13 months starting from when they are placed on your computer

V. Data recipients

Your personal data may be transferred to other companies in our Group based in the European Union. All of our companies are required to comply with the confidentiality and personal data protection practices outlined here.

Your personal data may also be transferred to other companies based in the European Union, based on contracts setting the requirements for the transfer of personal data.

VI. Your rights

You have the following rights regarding your personal information, which you can exercise by writing to us at the following the email address: dpo@laita.fr or at this postal address: LAITA – DPO (Data Protection Officer) – 4 rue Henri Becquerel – CS 30302 – 29806 Brest Cedex 9.

To do this, we inform you that the CNIL provides a letter generator that will help you make your request: https://www.cnil.fr/fr/modeles/courrier

If the elements provided in your request to exercise your rights do not enable us to identify you with certainty, we may be required to ask you for a copy of a valid identity document (ID card or passport in the following format: GIF, JPG, PNG, PDF).


You have the right to know if and how we process your personal data and to obtain the communication of it in an understandable format. However, due to the security and privacy obligation for the processing of personal data, you are hereby informed that your request will be processed as long as you provide proof of your identity, in particular by producing a copy of one of your valid identity documents (either electronically or via a signed paper photocopy).

We hereby inform you that we will be entitled, if need be, to object to clearly abusive requests (sent repeatedly, systematically or in high numbers) as well as to requests infringing on the rights of third parties.

This request may be made by sending us a written request to the address mentioned above, using the CNIL’s letter template.


You have the right to request the correction, updating, blocking or even the deletion of the personal data concerning you that may be, depending on the case, inaccurate, incorrect, incomplete or obsolete.

This request may be made by sending us a written request to the address mentioned above, using the CNIL’s letter template.


The right to object enables you to object to your personal data being processed by us. You must justify this request to object with reasons about your particular situation, except with regard to commercial prospecting (including profiling insofar as it is linked to this commercial prospecting), for which you may object to without giving a reason.

Therefore, if your request to object does not concern commercial prospecting, we will be entitled to refuse your request based on the grounds that:

  • you have given your consent: you may withdraw your consent, however,
  • there are legitimate and compelling reasons for processing your data;
  • we are bound by a contract;
  • we are under a legal obligation to process your data;
  • processing is required to safeguard your interests

This request may be made by sending us a written request to the address given above, using the CNIL’s letter template.


You have the right to ask us to delete your personal data without undue delay.

We hereby inform you that, in rare cases, we may not be able to fulfill your request, particularly in the context of compliance with a legal obligation. This request may be made by sending us a written request to the address mentioned above, using the CNIL’s letter template.


You have the right to request that the processing of data be limited. This request may be made by sending us a written request to the address mentioned above, using the CNIL’s letter template.


You have the right to the portability of your personal data, i.e. to receive the personal data that you have provided us, in a structured, commonly used and machine-readable format, and to send these data to another data controller.

We hereby inform you that this right can only be implemented if your data is processed automatically (therefore, this does not concern paper files) and on the basis of your prior consent or the fulfillment of a contract between us and you. To exercise this right, please send us your request in writing.


You have the right to provide us with specific instructions regarding the fate of your personal data after your death and in particular with regard to their storage, deletion and communication in the context of the processing carried out by us. Please send us these instructions in writing. These instructions can be changed at any time. In the absence of instructions or mentions to the contrary, the heirs of a deceased person may exercise the rights of the deceased person.


We are committed to responding to your request for access, rectification or objection or any other request for additional information within a reasonable period of time which shall not exceed ONE (1) month starting from receipt of your request.  However, we may extend this time limit by two additional months depending on the complexity and the number of requests. You will then be informed of this extension of the response time, within one month after your request.


If there is a problem, you have the right to lodge a complaint with the CNIL: https://www.cnil.fr/fr/plaintes


You also have the right to withdraw your consent for the processing of your personal data after obtaining your consent.

VII. Cookies and other technologies

This paragraph is to help you better understand how cookies work and how to configure them.


A cookie is a text file stored on your computer when visiting a site or reading an advertisement. Its purpose is to collect information about your browsing and to send appropriate services to your terminal (computer, mobile phone, or tablet). Specifically, cookies are managed by your web browser.


When using our site, cookies or other trackers are stored on your computer, mobile phone, or tablet. The information we collect in this way enables us to provide you with more appropriate and better quality content on our site, to analyse your browsing, and to identify and solve any problems.


During your first visit to our website, a banner appears to tell you about the presence of these cookies and asks you to make your choice via the Cookie Manager.

You may, at any time, find out about and configure your cookies in order to either accept or reject them, by going to the bottom of each page on the site.

For more information on configuring cookies, please read the dedicated CNIL page by clicking on this link: <a href=”https://www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser”>https://www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser.


We are committed to implementing measures to ensure the security of your personal data. These measures are appropriate on a technical and organizational level to ensure an appropriate level of security. Among other things, this may include:

  • the means to ensure the constant confidentiality, integrity, availability and resilience of processing systems and services;
  • the means to restore the availability of data and access to it in a timely manner in case of a physical or technical incident;
  • a procedure to regularly test, analyse and evaluate the effectiveness of technical and organizational measures to ensure the security of the processing;


The contact information for our Data Protection Officer is:

  • LAITA – DPO (Data Protection Officer) – 4 rue Henri Becquerel – CS 30302 – 29806 Brest Cedex 9.
  • dpo@laita.fr

X. Us and social networks

Third party social networks that embed interactive modules on our website may use cookies or other trackers to collect information about your use of our website.

The use of this information by a third party depends on the privacy policy posted on the site of the social network concerned. Please read this confidentiality policy carefully.
This third party may use these cookies or other tracking methods for its own purposes by linking the information regarding your use of our site with the personal information that it holds concerning you. We may also obtain analytical data from these social networks. This information helps us to measure the effectiveness of our content and our advertising on social networks. We hereby inform you that most internet browsers provide a simple procedure allowing you to refuse these technologies (see part VII above).

XI. Personal data of minors

Our website is intended for our professional customers and not for minors (-18 years old) under any circumstances.

If we find that we have collected the personal data of a minor despite this warning, we will take all necessary steps to delete this information as soon as possible.

Version Updated on April 6, 2022