ARTICLE 1 : PREAMBLE
- On how their personal data is collected. Any information allowing a user to be identified is considered personal data. As such, this may include: their first and last names, their age, their postal or email address, their location or even their IP address (non-exhaustive list);
- On the rights they have regarding this data;
- On the person responsible for processing the personal data collected and processed;
- On the recipients of this personal data;
This policy supplements the legal notices which can be consulted by users at the following address:
ARTICLE 2 : PRINCIPLES RELATING TO THE COLLECTION AND PROCESSING OF PERSONAL DATA
- In accordance with article 5 of European Regulation 2016/679, personal data are :
- Processed in a lawful, fair and transparent manner with regard to the person concerned;
- Collected for specific purposes (see Article 3.1 hereof), explicit and legitimate, and not subsequently processed in a manner incompatible with these purposes;
- Adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed;
- Accurate and, where necessary, kept up to date. All reasonable measures must be taken to ensure that personal data which are inaccurate, having regard to the purposes for which they are processed, are erased or rectified without delay;
- Kept in a form allowing the identification of the persons concerned for a period not exceeding that necessary for the purposes for which they are processed;
- Processed in such a way as to ensure appropriate security of the data collected, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
Processing is only lawful if and to the extent that at least one of the following conditions is met :
- The data subject has consented to the processing of his or her personal data for one or more specific purposes;
- The processing is necessary for the performance of a contract to which the data subject is party or for the execution of pre-contractual measures taken at the request of the data subject;
- The processing is necessary for compliance with a legal obligation to which the data controller is subject;
- The processing is necessary to safeguard the vital interests of the data subject or of another natural person;
- The processing is necessary for the performance of a mission of public interest or relating to the exercise of public authority vested in the controller;
- Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, unless overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the person concerned is a child.
ARTICLE 3 : PERSONAL DATA COLLECTED AND PROCESSED IN THE CONTEXT OF BROWSING THE SITE
Article 3.1 : Data collected
The personal data collected as part of our activity are as follows: Name, first name, email address
The collection and processing of this data serves the following purpose(s): Only when using the “Contact Us” form.
Article 3.2 : Method of data collection
When you use our site, the following data is automatically collected for the purposes of analyzing site traffic :
- Native country
- Device used
- Screen resolution used
- Operating system used
- Browser used
They are kept by the data controller in reasonable security conditions, for a period of: 14 months
The company may retain certain personal data beyond the time periods announced above in order to fulfill its legal or regulatory obligations.
Article 3.3 : Data hosting
The site [https://grumo-crepexpress.fr/] is hosted by :
- Chemin des Pardiaux 63000 Clermont-Ferrand
- 04 44 44 60 40
ARTICLE 4 : DATA PROCESSING RESPONSIBLE AND DATA PROTECTION DELEGATE
Article 4.1 : The data controller
Personal data is collected by:
SASU with capital of 10,000 euros
Registered with the RCS of LYON under number Lyon B 821 684 941
The person responsible for processing personal data can be contacted as follows :
- By mail to the address: 41 RUE D’ANVERS 69007 LYON
- By email:
Article 4.2 : The data protection delegate
The data protection officer of the company or manager is :
- Christian BACQUE
- 41 RUE D’ANVERS 69007 LYON
If you believe, after contacting us, that your “Computer and Liberties” rights are not respected, you can send information to the CNIL.
ARTICLE 5 : USER RIGHTS REGARDING DATA COLLECTION AND PROCESSING
Any user concerned by the processing of their personal data can avail themselves of the following rights, in application of European regulation 2016/679 and the Data Protection Act (Law 78-17 of January 6, 1978) :
- Right of access, rectification and right to erasure of data (set out respectively in Articles 15, 16 and 17 of the GDPR);
- Right to data portability (article 20 of the GDPR);
- Right to limitation (article 18 of the GDPR) and to object to data processing (article 21 of the GDPR);
- Right not to be the subject of a decision based exclusively on an automated process;
- Right to determine the fate of data after death;
- Right to refer the matter to the competent supervisory authority (article 77 of the GDPR).
To exercise your rights, please send your letter to GRUMO JF 41 RUE D’ANVERS 69007 LYON or by email to
In order for the data controller to grant his request, the user may be required to communicate certain information such as: his first and last names, his email address as well as his account number, personal space or subscriber.
Visit the cnil.fr website for more information on your rights.
ARTICLE 6 : CONDITIONS FOR MODIFICATION OF THE CONFIDENTIALITY POLICY
The publisher of the GRUMO site reserves the right to modify this policy at any time in order to assure users of the site that it complies with current law.
The user is invited to read this Policy each time he uses our services, without it being necessary to formally notify him.
This policy, published on 01/05/2023, was updated on 09/11/2023 (English version added)