🔐 Privacy Policy

Last update: 05/06/2026

1. Introduction

This Privacy Policy describes how {company} (SIRET: {siret}) collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR - Regulation EU 2016/679).

We are committed to protecting your privacy and processing your personal data in a transparent, secure, and confidential manner.

2. Data Controller

Company name: Artisan Peinture

SIRET: 12121212121212

Address: ., . .

Email: contact@artisan-peinture.com

3. Personal Data Collected

3.1. When requesting a quote

  • Identification data: Last name, first name
  • Contact details: Email, phone, project address
  • Project data: Surface area, paint type, project details
  • Legal basis: Pre-contractual measures (Article 6.1.b GDPR)

3.2. When creating a customer account

  • Identification data: Last name, first name, email
  • Connection data: Password (hashed), last login date
  • Legal basis: Contract execution (Article 6.1.b GDPR)

3.3. During online payment

  • Payment data: Processed directly by Stripe (PCI-DSS compliant)
  • Stored data: Amount, date, payment status (no card number)
  • Legal basis: Contract execution (Article 6.1.b GDPR)

3.4. When publishing a review

  • Data: Last name, first name, rating, comment
  • Legal basis: Explicit consent (Article 6.1.a GDPR)

3.5. Technical cookies

  • PHPSESSID: Symfony session cookie (essential)
  • csrf_token: CSRF attack protection (essential)
  • Legal basis: Legitimate interest (site security)

4. Processing Purposes

Your personal data is collected and processed for the following purposes:

  • 📋 Quote request management and personalized quote creation
  • 💳 Payment processing online (deposit and balance)
  • 🔧 Project management and work monitoring
  • 📧 Communication regarding your project (confirmation emails, notifications)
  • 📊 Accounting management (invoices, tax obligations)
  • Customer review publication (with your consent)
  • 🔒 Security and fraud prevention

5. Data Retention Period

Data type Retention period Legal basis
Invoices and accounting data 10 years Legal obligation (Commercial Code)
Signed quotes and projects 10 years Ten-year warranty
Unconverted quote requests 3 years Commercial prescription
Inactive customer accounts 3 years without login Legitimate interest
Customer reviews Indefinite (unless deletion request) Consent

6. Data Recipients

Your personal data is accessible only to the following:

  • 👷 The painter ({company}) for managing your project
  • 💳 Stripe (PCI-DSS certified payment provider) - Stripe Privacy Policy
  • 📧 Gmail/SMTP (notification email sending)
  • 📊 Google Ireland Limited (Google Analytics 4) — audience measurement, only if you accepted analytics cookies — Google Privacy Policy

No data is sold, rented, or shared with third parties for commercial purposes.

7. Your Rights (GDPR)

In accordance with GDPR, you have the following rights:

📥 Right of access

You can request a copy of all personal data we hold about you.

✏️ Right of rectification

You can correct inaccurate or incomplete data from your customer area.

🗑️ Right to erasure

You can request deletion of your data (except legal obligations: invoices 10 years).

📦 Right to portability

You can download your data in a structured format (JSON) from your customer area.

🚫 Right to object

You can object to processing of your data for direct marketing purposes.

⏸️ Right to limitation

You can request processing limitation during data accuracy verification.

📧 How to exercise your rights?

To exercise any of these rights, contact us:

We will respond within a maximum of 1 month in accordance with GDPR.

8. Data Security

We implement the following security measures:

  • 🔒 HTTPS encryption for all communications
  • 🔐 Hashed passwords (bcrypt/argon2 algorithm)
  • 🛡️ CSRF protection on all forms
  • 💳 Secure payments via Stripe (PCI-DSS Level 1 certified)
  • 💾 Regular backups of the database
  • 🚫 Restricted access to personal data (only the craftsman has access)

9. Cookie Policy

Our site uses essential cookies (required) and, with your consent, audience measurement cookies (Google Analytics 4):

Cookie Purpose Duration
PHPSESSID User session management Session (deleted on browser close)
csrf_token CSRF attack protection Session
cookies_consent (localStorage) Stores your choice (essential only or analytics accepted) Until you change your choice (browser storage)
_ga, _ga_* Audience measurement (Google Analytics 4) — page views, traffic source, device Up to 13 months (per Google)

Google Analytics cookies are only set if you click "Accept all" in the cookie banner. You may refuse and use essential cookies only. Google Privacy Policy.

10. Policy Modifications

We reserve the right to modify this Privacy Policy at any time. Any modification will be published on this page with a new update date.

We encourage you to regularly consult this page to stay informed about how we protect your data.

11. Right to Complaint

If you believe your rights are not being respected, you have the right to lodge a complaint with the French Data Protection Authority (CNIL):

CNIL

3 Place de Fontenoy - TSA 80715

75334 PARIS CEDEX 07

Phone: 01 53 73 22 22

Website: www.cnil.fr

12. Contact Us

For any questions regarding this Privacy Policy or the processing of your personal data:

Artisan Peinture

📧 Email: contact@artisan-peinture.com

📍 Address: ., . .

← Back to home
Legal notice Terms & Conditions