Logo Le Petit Grain

LE PETIT GRAIN

+33 4 72 41 77 85

Privacy Policy

When you use the website https://www.le-petit-grain-lyon.fr (hereinafter the “Site”), Le Petit Grain may collect personal data concerning you.

The purpose of this policy is to inform you about how we process this data in compliance with Regulation (EU) 2016/679 of April 27, 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “GDPR”).

1. Data Controller

  • Le Petit Grain, SARL with a capital of €5,000.00
  • Registered office: 19 rue de la Charité, 69002 Lyon, France
  • Registration: SIREN 921 691 036 00013
  • Contact point for personal data matters: Rémi Barrier
  • Contact email address: contact@le-petit-grain-lyon.fr

2. Data Collected

We collect data belonging to the following categories:

  • Identification data (identity, contact details, etc.);
  • Any information provided as part of your requests;
  • Internet data (IP address, browser, device, etc.);
  • Testimonials and review data (your experience following a service);

Mandatory data is indicated when you provide your data. It is marked with an asterisk and is necessary for us to provide our services.

We do not make any decisions producing legal effects concerning you solely on the basis of automated processing (including profiling).

3. Purposes of Processing

Purpose Legal basis Retention period
Responding to incoming requests Contract (pre-contractual measures) 3 years from your last contact
Managing customer follow-up and commercial prospecting Legitimate interests Clients: duration of the contractual relationship + 3 years Prospects: 3 years from your last contact
Showcasing services through testimonials Consent 3 years from the submission of the testimonial or until consent is withdrawn
Handling GDPR rights requests Legal obligation 1 year from our response
Securing the website Legitimate interests 6 months
Analyzing traffic and improving the website Legitimate interests 13 months

4. Data Recipients

The following will have access to your personal data:

  • Our company’s staff;
  • Our processors: Google, Microsoft, Full Concept;
  • Where applicable: public and private bodies, exclusively to comply with our legal obligations.

5. Transfers Outside the European Union

As part of the tools we use, your data may be transferred outside the European Union.

These transfers are secured using the following safeguards:

  • Either the data is transferred to a country that has been subject to an adequacy decision by the European Commission, in accordance with Article 45 of the GDPR: in this case, the country ensures a level of protection deemed sufficient and adequate under the GDPR;
  • Or the data is transferred to a country whose level of protection has not been recognized as adequate under the GDPR: in this case, such transfers are based on appropriate safeguards as set out in Article 46 of the GDPR, adapted to each provider, including but not limited to the conclusion of standard contractual clauses approved by the European Commission, the implementation of binding corporate rules, or an approved certification mechanism;
  • Or the data is transferred on the basis of one of the appropriate safeguards described in Chapter V of the GDPR.

6. Your Rights Regarding Your Data

You have the following rights regarding your personal data:

  • Right of access: you have the right to access all your personal data at any time, pursuant to Article 15 of the GDPR.
  • Right to rectification: you have the right to rectify inaccurate, incomplete, or outdated personal data at any time in accordance with Article 16 of the GDPR.
  • Right to restriction: you have the right to obtain restriction of processing of your personal data in certain cases defined in Article 18 of the GDPR.
  • Right to erasure: you have the right to request that your personal data be erased and to prohibit any future collection, for the reasons set out in Article 17 of the GDPR.
  • Right to lodge a complaint with a supervisory authority (in France, the CNIL), if you believe that the processing of your personal data constitutes a violation of applicable regulations (Article 77 of the GDPR).
  • Right to define instructions regarding the retention, deletion, and communication of your personal data after your death.
  • Right to withdraw your consent at any time: for processing based on consent, Article 7 of the GDPR provides that you may withdraw your consent at any time. This withdrawal does not affect the lawfulness of processing carried out prior to the withdrawal.
  • Right to data portability: under certain conditions specified in Article 20 of the GDPR, you have the right to receive the personal data you have provided to us in a standard machine-readable format and to request its transfer to a recipient of your choice.
  • Right to object: pursuant to Article 21 of the GDPR, you have the right to object to the processing of your personal data. However, we may continue to process your data despite this objection for legitimate reasons or for the defense of legal claims.

You may exercise these rights by writing to us using the contact details provided in section 1 of this privacy policy. We may request additional information or documents to verify your identity.

7. Changes

We may modify this policy at any time, in particular to comply with any regulatory, case law, editorial, or technical developments. These modifications will take effect on the date the updated version comes into force. You are therefore encouraged to regularly review the latest version of this policy. However, we will inform you of any significant changes to this privacy policy.

Effective date: 21/11/2025
Last updated: 23/03/2026