Privacy Policy

Last updated: February 20, 2026

1. DATA CONTROLLER

GROUPE JLF (SAS)
SIRET: 31428413400041
Address: 30 AVENUE DE MAISON BLANCHE, 16320 VILLEBOIS-LAVALETTE

Controller’s contact details:

2. PURPOSES AND LEGAL BASES OF PROCESSING

In accordance with Article 6 of the General Data Protection Regulation (GDPR), we collect your personal data for specific purposes, each based on a defined legal basis:

  • Handling requests via the contact form: This processing is based on our legitimate interest in responding to you or on the execution of pre-contractual measures if your request concerns a future contract.
  • Newsletter subscription and sending communications: This processing is based on your prior consent, which you may withdraw at any time.
  • Order management, deliveries, and invoicing: This processing is based on the performance of the contract binding us.
  • Website security and service improvement: This processing is based on our legitimate interest in ensuring the proper functioning of our platform.
  • Accounting and tax declarations: This processing is based on compliance with our legal obligations.

3. PERSONAL DATA COLLECTED

We collect and process the following categories of personal data, in strict compliance with the principle of data minimization (only necessary data is requested):

  • Last name and first name
  • Email address
  • Phone number
  • Postal address
  • Profession

4. SOURCES AND MEANS OF COLLECTION

Your personal data is collected by the following means:

  • Contact forms
  • Registration forms
  • Cookies and trackers

During each collection, you are explicitly informed whether the requested data is mandatory or optional (generally indicated by an asterisk).

5. RETENTION PERIODS

Personal data is retained for periods defined according to legal obligations and processing purposes:

  • Prospects (without signed contract): 3 years from the last contact initiated by the prospect.
  • Clients: 10 years after the end of the contractual relationship.
  • Accounting and tax archiving: 10 years (legal obligation).
  • Browsing data and cookies: Maximum 13 months.
  • Marketing data and newsletters: 3 years without interaction, or until you withdraw your consent.

Upon expiration of these periods, data is either permanently deleted or irreversibly anonymized.

6. DATA RECIPIENTS

6.1 Internal Recipients

Your data is accessible only to GROUPE JLF’s internal departments competent to handle your request, in compliance with the need-to-know principle.

6.2 Sub-processors

We use the following service providers, bound by contracts guaranteeing the security of your data (Article 28 of the GDPR):

  • Kinsta (Hosting): Servers located in the European Union.
  • Google (Analytics / Services): Servers located in the European Union and the United States.

6.3 Other recipients

Your data may be communicated to competent administrative or judicial authorities upon legal request and within the framework of procedures provided by law.

7. DATA TRANSFERS OUTSIDE THE EUROPEAN UNION

As part of the use of certain sub-processors’ services (notably Google), data may be transferred outside the European Union, particularly to the United States. These transfers are carried out securely and in accordance with the GDPR, relying on adequacy decisions (such as the Data Privacy Framework between the EU and the United States) or on the signing of Standard Contractual Clauses of the European Commission.

8. SECURITY MEASURES

We implement appropriate technical and organizational measures to ensure a level of security adapted to the risks:

  • Pseudonymization and encryption of personal data during transmission (SSL/HTTPS).
  • Systems ensuring the confidentiality, integrity, availability, and resilience of data.
  • Regular backups to restore data availability in the event of an incident.
  • Awareness of our employees regarding data protection and strict confidentiality obligation.

9. YOUR RIGHTS

In accordance with regulations, you have the following rights regarding your data:

  • Right of access (Art. 15): Obtain confirmation that your data is being processed and receive a copy.
  • Right to rectification (Art. 16): Have inaccurate or incomplete data corrected.
  • Right to erasure (Art. 17): Obtain the deletion of your data in certain cases.
  • Right to restriction of processing (Art. 18): Temporarily suspend the use of your data.
  • Right to data portability (Art. 20): Receive your data in a structured format to transmit it to a third party.
  • Right to object (Art. 21): Refuse the processing of your data for reasons relating to your particular situation, and systematically refuse commercial prospecting.
  • Withdrawal of consent: If processing is based on your agreement, you may withdraw it at any time.
  • Post-mortem directives: Define the fate of your data after your death (French Data Protection Act).

9.1 Exercising your rights

You can contact us:

  • By email: info@groupe-jlf.com
  • By mail: 30 AVENUE DE MAISON BLANCHE, 16320 VILLEBOIS-LAVALETTE

We commit to responding to you within a maximum of one month from receipt of your request (extendable by two months in case of complexity). Proof of identity may be requested in case of reasonable doubt about your identity.

9.2 Right to lodge a complaint

If you believe that the processing of your data does not comply with the GDPR, you can lodge a complaint with the CNIL:

  • Address: 3 Place de Fontenoy – TSA 80715 – 75334 PARIS CEDEX 07
  • Phone: 01 53 73 22 22
  • Website: www.cnil.fr

10. COOKIES AND TRACKERS

We use the Complianz tool to collect and manage your consent regarding cookies and trackers. These small files placed on your device allow us to:

  • Ensure the proper functioning of the site.
  • Improve your browsing experience.
  • Establish visit statistics.
  • Offer you tailored content.

For more details, consult our dedicated policy: https://www.groupe-jlf.com/politique-de-cookies-ue/
You can change your preferences at any time via our consent banner or your browser.

11. AUTOMATED DECISION-MAKING AND PROFILING

We do not carry out any fully automated decision-making that produces legal effects concerning you or significantly affects you.

12. DATA BREACH

In the event of a security breach entailing a risk to your rights, we commit to:

  • Notifying the incident to the CNIL within 72 hours.
  • Informing you as soon as possible if the risk is high.
  • Taking all necessary corrective measures.

13. MODIFICATIONS TO THIS POLICY

This policy may evolve to reflect our practices or regulations. In the event of substantial modification, we will inform you by email or via a notification on our site.

14. CONTACT

For any questions regarding the processing of your data:

GROUPE JLF

  • Email: info@groupe-jlf.com
  • Phone: 04 78 37 07 37
  • Address: 30 AVENUE DE MAISON BLANCHE, 16320 VILLEBOIS-LAVALETTE