At a glance
This Privacy Policy explains what personal data LEAF by Lesaffre collects when you use the LEAF application. We collect only what is strictly necessary to authenticate you: your email address and your password. This data is never shared with third parties. We are committed to handling your data responsibly and in compliance with the General Data Protection Regulation (GDPR) and applicable French law.
1. Data Controller
The data controller for all personal data processed through the LEAF application is:
Société Industrielle Lesaffre
Trading as LEAF by Lesaffre
137 rue Gabriel Péri, 59700 Marcq-en-Barœul, France
Email: c.marteel@leaf.lesaffre.com
2. Scope of this Policy
This policy applies to all users of the LEAF application, including:
- Backoffice administrators and managers (SuperAdmin, Admin, Pro roles)
- End users who interact with events, forms, or reports generated through the platform
- Users of any connected mobile application linked to the LEAF platform
It covers all personal data collected or processed when you create an account, manage your organization, submit contact requests, or use any feature of the LEAF application.
3. Personal Data We Collect
We collect only the data strictly necessary to create and secure your account:
| Category | Data fields | Source |
|---|---|---|
| Account identity | Email address | Provided by the user on registration |
| Authentication | Password (stored as a secure hash, never in plaintext) | Provided by the user on registration |
No other personal data is collected or linked to your user account.
4. How We Use Your Data & Legal Basis
| Purpose | Legal basis |
|---|---|
| Creating and managing your user account | Performance of a contract |
| Authenticating your identity and securing access to the application | Performance of a contract / Legitimate interest |
| Ensuring platform security and preventing unauthorized access | Legitimate interest |
| Complying with legal obligations | Legal obligation |
6. International Data Transfers
Your personal data is primarily processed within the European Economic Area (EEA). Where data is transferred to countries outside the EEA, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission, or we rely on an adequacy decision.
7. Data Retention
We retain your personal data only for as long as necessary for the purposes described in this policy:
- Email address and password: retained for the duration of your account, plus 3 years after closure for legal and administrative purposes.
After the applicable retention period, data is securely deleted or anonymized.
8. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or disclosure. These include:
- Passwords stored as secure hashes (never in plaintext)
- All data transmitted over encrypted HTTPS connections
- Role-based access control — users only access data relevant to their role and organization
- Multi-tenant isolation — each organization's data is logically separated
- Regular security reviews of the platform
9. Your Rights
Under the GDPR, you have the following rights regarding your personal data:
- Access Request a copy of the personal data we hold about you.
- Rectification Ask us to correct inaccurate or incomplete data.
- Erasure Request deletion of your data ("right to be forgotten"), subject to legal retention obligations.
- Restriction Ask us to limit how we process your data in certain circumstances.
- Portability Receive your data in a structured, machine-readable format.
- Objection Object to processing based on legitimate interest or for direct marketing purposes.
- Withdraw consent Where processing is based on your consent, withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, please contact us using the details in Section 11. We will respond within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with the French data protection authority:
Commission Nationale de l'Informatique et des Libertés (CNIL)
3 Place de Fontenoy, TSA 80715 – 75334 Paris Cedex 07, France
11. Contact Us
For any question about this policy or to exercise your rights, please contact us:
Data Privacy — LEAF by Lesaffre
Société Industrielle Lesaffre
137 rue Gabriel Péri, 59700 Marcq-en-Barœul, France
Email: c.marteel@leaf.lesaffre.com
12. Updates to This Policy
We may update this Privacy Policy from time to time to reflect changes in the application, legal requirements, or our practices. When we make significant changes, we will notify you via the application or by email. The date at the top of this page always indicates when the policy was last revised.