Personal data protection policy

Pursuant to European Regulation (EU) 2016/679 (also known as “GDPR”) on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, you will find below our personal data protection policy.

Such data includes any information that can be used to identify you directly or indirectly as a natural person.

This personal data protection policy (hereinafter, the “Policy”), is aimed at informing you of what data we collect, why, and on what basis, and how we use and retain it, as well as you rights concerning such data. We urge you to carefully read this Policy so that you know and understand our practices concerning the processing of your personal data that we conduct.

Please note that this Policy is subject to change or supplementation at any time by us, particularly in order to bring it into compliance with any legislative, regulatory, case law or technological changes. Therefore, you should regularly check this policy to find out about any changes to it.

 I. Identity of the data controller

The data controller of the personal data is the company:

EPI INGREDIENTS

ZONE INDUSTRIELLE L’HERMITAGE 44150 ANCENIS-SAINT-GEREON (FRANCE)

SIREN number: 408 228 559 R.C.S. NANTES

Tel: +33 (0) 251 142 364                       Email address: mlucot@laita.fr

Personal data subject to processing

The information that we collect is used to improve the services that we provide you. It is data concerning your identity (last name, first name), your professional activity, concerning your internet navigation (IP addresses, login data, cookies).

Some personal data that we process may also come from third-party partners, such as your social network profile on (LinkedIn, Twitter). We urge you to read Part V below for more details.

II. The various types processing that we conduct using that data

We process your personal data in order to perform, supply, and improve the services that we offer you.

The processing may be for all or part of the following purposes:

1.     MEET YOUR REQUESTS

We can process your personal data to satisfy your requests, in particular with the contact form.

2.     COMPLIANCE WITH OUR LEGAL OBLIGATIONS

In some cases, we have a legal obligation to collect and process your personal data.

3.     FULFILLING YOUR RIGHTS

We may process your personal data to fulfil your requests to exercise your rights. We urge you to read Part VI of this Policy to learn about your rights.

4.     SHARING YOUR INFORMATION

We do not sell your personal data. We only share your personal data with our third-party under certain, very specific situations. Thus, we share your personal data when the law requires us to do so, or we share your personal data with third-party partners (based in the European Union), who provide us with services such as the hosting of our websites.

We urge you to read Part V of our Policy on this topic.

5.     MANAGING AND IMPROVING OUR WEBSITE

When you go to our website, we collect information, such as your IP address, your position, the times of the visit, etc., to find out the habits of persons using our site and to improve their experience.

 III. Personal data retention times

Your personal data will be retained for as long as necessary to fulfil the purpose of its collection.

We also retain the personal data for a time period enabling us to process or respond to complaints or any requests for information about the purchase.

The personal data concerning you may also be retained longer in accordance with legal obligations, applicable prescription periods, or recommendations from the French Data Protection Authority (CNIL), for example:

  • Connection logs: 1 year starting from the last login;
  • Cookies: 13 months starting from their placement on your computer;
  • Identifying data from customers (name, address, telephone number, etc.): 3 years from the end of commercial relations.

 IV. Data recipients

Your personal data may be the subject of a transfer to other companies in our Group located within the European Union. All of our companies are obligated to comply with the confidentiality and personal data protection practices listed in this Policy.

Your personal data may also be transferred to other companies based in the European Union, based on contracts establishing personal data transfer requirements.

V. Your rights

You have the following rights concerning your personal information, which you may exercise by writing to us at the following the email address dpo@laita.fr  

To do so, we would like to inform you that the CNIL has provided a letter generator that will help you make your request: https://www.cnil.fr/fr/modeles/courrier

If the elements provided in your request to exercise your rights do not enable us to identify you positively, we may be required to ask you for a copy of a current form of ID (ID card or passport in the following format: GIF, JPG, PNG, PDF).

1. RIGHT OF ACCESS AND COMMUNICATION OF DATA

You have the option to find out if and how we process your personal data and to obtain the communication of the data in a comprehensible format.

However, due to our security and privacy obligation concerning the processing of personal data, you are hereby informed that your request will be processed as long as you provide proof of your identity, particularly by producing a copy of one of your valid IDs (either electronically or through a signed paper photocopy).

We hereby inform you that we will be entitled, as applicable, to object to obviously abusive requests (due to their number, their repeated or systematic nature) as well as to requests infringing on the rights of third parties.

Such requests may be made by sending us a written request to the address mentioned above, using the letter template developed by the CNIL.

2. RIGHT OF DATA RECTIFICATION

You have the right to request the correction, updating, locking, or deletion of the personal data concerning you that may be inaccurate, incorrect, incomplete, or obsolete.

Such requests may be made by sending us a written request to the address mentioned above, using the letter template developed by the CNIL.

3. RIGHT TO OBJECT

The right to object enables you to object to your personal data being processed by us. You must justify such an objection request with reasons about your particular situation, except concerning sales canvassing (including profiling to the extent that it is linked to such sales canvassing), which you may object to without giving a reason.

Thus, if your objection request does not concern sales canvassing, we will be entitled to reject your request on the grounds that:

  • You have given your consent: you may withdraw your consent, however;
  • There are legitimate, urgent reasons for processing your data;
  • We are bound by a contract;
  • We are under a legal obligation to process your data;
  • The processing is required to protect your interests.

Such requests may be made by sending us a written request to the address mentioned above, using the letter template developed by the CNIL.

4. RIGHT OF ERASURE

You have the right to ask us to erase your personal data as soon as possible.

We hereby inform you that, in rare cases, we may not be able to fulfil your request, particularly in the context of compliance with a legal obligation (e.g., the retention period for an invoice and therefore the associated data is 10 years).

Such requests may be made by sending us a written request to the address mentioned above, using the letter template developed by the CNIL.

5. RIGHT TO RESTRICTION OF PROCESSING

You have the right to request the restriction of processing.

Such requests may be made by sending us a written request to the address mentioned above, using the letter template developed by the CNIL.

6. RIGHT TO PORTABILITY

You have the right to portability of your personal data, i.e., to receive the personal data that you have provided us, in a structured, commonly-used, machine-readable format, and to transmit that data to another data controller.

We hereby inform you that this right is not implemented unless your data is processed automatically (paper files are therefore not concerned), and based on your prior consent or the performance of a contract entered into with you.

To exercise this right, we urge you to contact us as follows the email address: dpo@laita.fr  

7. DIGITAL WILL

You have the right to provide us with special directives regarding the fate of your personal data after your death, particularly with regard to its retention, erasure, and communication in the context of the processing conducted by us.

Such directives may be provided to us by you using the online contact form, or by writing to dpo@laita.fr 

Such directives may be amended at any time. In the absence of directives or mentions to the contrary, the heirs of a deceased person may exercise the rights of the deceased person.

8. RESPONSE TIMES

We are committed to responding to your access, rectification, or objection request, or any other request for additional information within a reasonable time period which shall not exceed ONE (1) month starting from the receipt of your request.

However, we may extend this time limit by two additional months depending on the complexity and number of requests. You will then be informed of that extension of the response time, within the month following your request.

9. RIGHT TO CONTACT THE COMPETENT DATA PROTECTION AUTHORITY

In the event of difficulties, you have the right to submit a complaint with the CNIL: https://www.cnil.fr/fr/plaintes

10. WITHDRAWAL OF CONSENT

You also have the right to withdraw your consent, for personal data processing based on the obtainment of your consent. If, for example, you have given us your approval to send you advertising messages electronically, you may unsubscribe from receiving such messages at any time by clicking on the unsubscribe list at the bottom of the advertising messages you receive.

You may also delete your user account at any time and without a reason, directly online or by contacting our customer service department.

For all other withdrawals of your consent, we urge you to contact us as follows: either using the online form, or the email address: dpo@laita.fr

VI. Cookies and other technologies

This paragraph is to help you better understand how cookies work and how to configure them.

WHAT IS A COOKIE?

A cookie is a text file placed on your computer when you visit a site or read an ad. Its purpose is to collect information about your browsing and to target appropriate services to your terminal (computer, mobile phone, or tablet). Cookies are managed by your web browser in particular.

OUR USE OF COOKIES

When using our site, cookies or other trackers are placed on your computer, mobile phone, or tablet.

The information we collect in this way enables us to provide you with more appropriate, better quality content on our site, analyse your browsing, and identify and solve any problems.

HOW DO I CONFIGURE COOKIES?

When you first visit our website, a banner informs you of the presence of these cookies in urges you to make your choice via the Cookie manager .

You may, at any time, find out about and configure your cookies, to accept them or reject them, by going at the bottom of each page on the site.

For more information on configuring cookies, we urge you to read the dedicated CNIL page by clicking on this link: https://www.cnil.fr/fr/cookies-les-outils-pour-les-maitriser

VII. PERSONAL DATA SECURITY

We are committed to implementing measures aimed at ensuring the security of your personal data. These are appropriate technical and organisational measures to ensure an appropriate level of security. They may include:

  • Pseudonymisation and encryption of data;
  • Resources making it possible to ensure the constant confidentiality, integrity, availability, and resilience of the processing systems and services;
  • Resources making it possible to re-establish the availability of personal data and access thereto within appropriate time limits in the event of a physical or technical incident;
  • A procedure aimed at testing, analysing, and regularly assessing the effectiveness of technical and organisational measures for ensuring processing security;


In this aim of security, we ask you to please keep your password confidential and not disclose it to anyone. You remain responsible for any problems caused by the failure to respect the confidentiality of the password that you have chosen to use to access your personal account.

VIII. DATA PROTECTION OFFICER


The contact information for our personal Data Protection Officer is dpo@laita.fr

 IX. Us and social networks

Third party social networks that embed interactive modules on our website may use cookies or other trackers to collect information about your use of our website.

The use of such information by a third party depends on the privacy policy posted on the site of the social network concerned. We encourage you to read that privacy policy carefully.

That third party may use those cookies or other tracking methods for its own purposes by connecting the information regarding your use of our site with the personal information that it holds concerning you. We can also obtain analytical data from those social networks. Such information enables us to measure the effectiveness of our content and our advertisements on social networks.

Most web browsers employ a simple procedure for rejecting such technologies.

X. Personal data of minors

Our websites, products, and applications are not designed for minors (-18 years old), and we ask the minors concerned not to provide us with personal information. If we establish that we have collected personal data on a minor, we will take all necessary measures to delete such information as soon as possible.