Privacy Policy

Albert Ébénisterie Sàrl

Route de Trélex 7, 1276 Gingins, Switzerland

Email: contact@albert-ebenisterie.ch

Phone: +41 22 369 12 34

For any question regarding personal data: laurent@albert-ebenisterie.ch.

When you submit a quote request or contact form, we collect: first name, last name, email, phone number, postal address, free-text message, optional budget range, and attachments (plans, photos, sketches).

We also collect minimal technical data during navigation: hashed IP address, user-agent, page visited, duration. This data is used only for fraud prevention (rate limiting) and aggregated audience measurement.

We do not use advertising tracking cookies. The only cookies set are technical (admin session, anti-spam form state).

• Respond to your quote request or question

• Establish and follow a service contract

• Send you information relating to your project (quotes, invoices, site reports)

• Secure the site (anti-spam, rate limiting)

• Measure audience in aggregate to improve content

For contact-form data: your explicit consent, given by submitting the form.

For technical data: legitimate interest in securing the site and measuring its audience.

For invoicing and accounting: legal obligation (Swiss Code of Obligations, 10-year retention).

Unconverted contact requests: 24 months after last contact, then automatic deletion.

Signed quotes and contracts: 10 years after project completion (accounting obligation).

Technical data (logs, rate-limit): 30 days, automatic deletion.

Internal admin accounts: kept while the person works for Albert Ébénisterie, then disabled (kept for audit).

Your data is never sold or transferred to third parties for commercial purposes.

Technical sub-processors:

• Google Cloud Platform (Switzerland, region europe-west6): app hosting, database, attachment storage. GDPR-compliant via Standard Contractual Clauses.

• Resend (United States): transactional emails (quotes, receipts). GDPR-compliant via SCCs.

• Cloudflare Turnstile (United States): anti-spam form protection. GDPR-compliant via SCCs.

Resend and Cloudflare Turnstile process data in the United States. These transfers are framed by the European Commission's Standard Contractual Clauses, which impose a level of protection equivalent to nLPD/GDPR.

Under nLPD and GDPR, you have the following rights:

• Right of access: obtain a copy of data about you

• Right to rectification: correct inaccurate data

• Right to erasure (right to be forgotten): request deletion of your data

• Right to restriction: suspend processing

• Right to portability: receive your data in a structured format

• Right to object: refuse specific processing

To exercise these rights, contact us at laurent@albert-ebenisterie.ch. We respond within 30 days.

We apply appropriate technical and organizational measures:

• TLS encryption on all communications (HSTS preload enabled)

• Hashed IP addresses in logs

• Two-factor authentication on all admin accounts

• Data access restricted to authorized persons (modular RBAC)

• Automatic backups with 7-day Point-In-Time Recovery

• Regular security audits

If you believe your data is being processed unlawfully, you can lodge a complaint with the Swiss Federal Data Protection and Information Commissioner (FDPIC) in Bern, or the supervisory authority of your country of residence (CNIL in France, ICO in the UK, etc.).

This policy may be updated. The last-updated date is shown at the top of this page. For substantial changes, we will inform affected persons by email.