Privacy Policy — VITACEAE

VITACEAE is committed to protecting the privacy of visitors to vitaceae.fr and of our clients. This Privacy Policy explains how we collect, use, store and protect your personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and French data protection law (Loi Informatique et Libertés).

Last updated: May 2026

Data Controller

VITACEAE
Represented by: Philippe Petit, Founder
Email: contact@vitaceae.fr
Address: [to be completed]

Data We Collect

We collect personal data in the following circumstances:

Contact forms: When you submit an enquiry via our website, we collect your name, email address, telephone number (if provided), professional role, and the content of your message. Legal basis: legitimate interest (responding to your enquiry) and, where applicable, pre-contractual measures.

Client engagement: When you engage VITACEAE for advisory services, we collect additional information as required by our KYC/AML obligations under French anti-money laundering regulations (Code monétaire et financier, articles L.561-1 et seq.). This includes identity documents, proof of address, professional status, beneficial ownership information and source of funds. Legal basis: legal obligation (LCB-FT compliance).

Website analytics: We collect anonymised usage data through cookies and similar technologies as described in our Cookie Policy. Legal basis: consent (via cookie banner).

How We Use Your Data

Personal data collected is used exclusively for the following purposes: responding to your enquiries, providing advisory services under our engagement terms, complying with legal and regulatory obligations (including KYC/AML requirements), improving our website functionality and user experience, and sending market insights to subscribers who have opted in.

We do not sell, rent or share your personal data with third parties for marketing purposes. We do not use your data for automated decision-making or profiling.

Data Retention

Contact form submissions are retained for 3 years from last contact. Client engagement data is retained for the duration of the engagement plus 5 years thereafter (legal obligation). KYC/AML documentation is retained for 5 years following the end of the business relationship, as required by French law. Analytics data is retained for 13 months maximum.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure or destruction. These measures include SSL/TLS encryption for data in transit, access controls limiting data access to authorised personnel, secure hosting within the European Union, and regular security audits.

Your Rights

Under the GDPR, you have the following rights regarding your personal data: the right of access (Article 15), rectification (Article 16), erasure (Article 17), restriction of processing (Article 18), data portability (Article 20), and the right to object to processing (Article 21). You also have the right to withdraw consent at any time where processing is consent-based.

To exercise any of these rights, contact us at contact@vitaceae.fr. We will respond within one month. You also have the right to lodge a complaint with the CNIL (Commission Nationale de l'Informatique et des Libertés), France's data protection authority.

International Data Transfers

Your personal data is stored and processed within the European Economic Area (EEA). In the event that data transfer outside the EEA is required (for example, through the use of certain service providers), we ensure appropriate safeguards are in place in accordance with GDPR Chapter V.

Updates to This Policy

This Privacy Policy may be updated to reflect changes in our practices or legal requirements. The « last updated » date at the top indicates the most recent revision. We encourage you to review this page periodically.