Privacy Policy
This is a courtesy translation. The French version is the only legally binding version.
Last updated: March 2026
Introduction
This privacy policy aims to inform users of the CertiFoodie website about how their personal data is collected and processed. Openlime SAS, as the data controller, is committed to complying with the General Data Protection Regulation (GDPR) and the French Data Protection Act. Data controller: Openlime SAS, 6 rue d'Armaille, 75017 Paris. Contact: [email protected].
Data Collected
In connection with the use of the CertiFoodie website, the following personal data may be collected: email address, password (stored in hashed form), professional profile information (establishment name, category, phone number, address), food certification documents, establishment postal address.
Purposes and Legal Basis
Personal data is processed for the following purposes:
| Data | Purpose | Legal Basis |
|---|---|---|
| Email, password | User account creation and management | Contract performance |
| Professional profile | Display of the establishment's public page | Contract performance |
| Certification documents | Verification and issuance of trust badge | Contract performance |
| Establishment address | Geocoding and map display | Legitimate interest |
| | Sending transactional emails (confirmation, renewal) | Legitimate interest |
Data Recipients
The collected personal data may be transmitted to the following processors, strictly within the scope of the purposes described above:
- Supabase, Inc. (United States): authentication, file storage, and database. Data is protected by the European Commission's Standard Contractual Clauses (SCCs).
- Resend, Inc. (United States): sending transactional emails. Data is protected by Standard Contractual Clauses (SCCs).
- Base Adresse Nationale API (adresse.data.gouv.fr, France): geocoding of establishment addresses. Only the postal address is transmitted.
Data Retention Period
Personal data is retained for a period of 3 years after the last activity on the user account. After this period, data is deleted or anonymized. Certification documents are retained for the duration of the certification's validity and 3 years after its expiration.
Your Rights (GDPR Articles 15-21)
In accordance with the General Data Protection Regulation, you have the following rights regarding your personal data:
- Right of access (Article 15): obtain confirmation that your data is being processed and receive a copy.
- Right to rectification (Article 16): request the correction of inaccurate or incomplete data.
- Right to erasure (Article 17): request the deletion of your data in the cases provided for by the regulation.
- Right to restriction of processing (Article 18): request the restriction of the processing of your data.
- Right to data portability (Article 20): receive your data in a structured, machine-readable format.
- Right to object (Article 21): object to the processing of your data on grounds relating to your particular situation.
To exercise your rights, send your request by email to [email protected] with a copy of your identification document.
Complaint to the CNIL
If you believe that the processing of your personal data constitutes a violation of the GDPR, you have the right to lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL): CNIL, 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07. Website: www.cnil.fr.
Policy Changes
Openlime SAS reserves the right to modify this privacy policy at any time. Users will be informed of any substantial changes by email or by notification on the website. The date of the last update is indicated at the top of this page.