Effective Date: 1 September 2025

This Privacy Policy describes how Sustain & Maintain SAS (“we”, “our”, or “us”) collects, uses, and protects your personal data when you visit our website https://www.sustainandmaintain.fr
, in accordance with the General Data Protection Regulation (EU Regulation 2016/679 – GDPR) and French data protection law.

1. Data Controller

The data controller responsible for processing personal data on this website is:

Sustain & Maintain SAS
564 Chemin de Grezac, Villa Rose
30700 Uzès
France
Phone: +33 (0)664 155 749
Email: email@sustainandmaintain.fr

SIREN: 979 583 333
SIRET: 979 583 333 00013
VAT number: FR84979583333
Managing Director: Jana Werner

2. Hosting

For hosting our website and displaying its content, we use the services of the following provider:

Bluehost Inc.
5335 Gate Pkwy, 2nd Floor
Jacksonville, FL 32256
United States
Website: https://www.bluehost.com

All data collected on this website is processed on the servers of this provider.

We have concluded a Data Processing Agreement (DPA) with Bluehost in accordance with Article 28 GDPR, which ensures that our visitors’ personal data is processed strictly based on our instructions and is not passed on to unauthorized third parties.

In cases where data is transferred to the United States, the provider relies on the Standard Contractual Clauses (SCCs) issued by the European Commission, which are intended to guarantee compliance with the European level of data protection.

3. What Data We Collect

We only collect personal data that is necessary for the proper functioning of the website or that you voluntarily provide when contacting us. This may include:

Your name and email address (via contact form)
The content of your message
Your IP address (for security and server log purposes)
Your cookie preferences
Technical data such as browser type, device, and operating system
We do not use cookies for analytics, advertising, or profiling purposes.

4. Purpose and Legal Basis of Processing

We process your data for the following purposes:

• To respond to messages sent via the contact form (based on your consent, Article 6(1)(a) GDPR)
• To ensure the technical operation and security of the website (based on our legitimate interest, Article 6(1)(f) GDPR)
• To comply with legal obligations, e.g. cookie consent management (Article 6(1)(c) GDPR)

5. Contact Form

If you contact us via the form on the website, we will process your name, email address, and message for the purpose of responding to your inquiry. This data will not be shared with third parties and will not be used for marketing.

We store your data for a maximum of 12 months, unless we are legally required to retain it longer.

6. Cookies

We use only essential cookies that are necessary for the proper functioning of the website. No tracking, marketing, or analytics cookies are used.

We use a cookie consent tool (Real Cookie Banner) that allows you to control your preferences in accordance with the GDPR and CNIL guidelines. You can change or withdraw your consent at any time via the “Cookie Settings” link in the footer of the website.

7. Plugins and Third-Party Services

We use the following WordPress plugins and tools that may process limited data:

• Akismet Anti-Spam: Filters spam in contact form submissions. Operated by Automattic Inc., USA.
• WP Armour: Provides additional spam protection using honeypot technology.
• UpdraftPlus: Creates encrypted backups of website data (no personal content).
• TranslatePress: Enables multilingual content display.
• TinyPNG: Optimizes image file sizes (no user data).
• Yoast SEO: Manages metadata (no personal data from visitors).
• Elementor / ElementsKit: Used for page design. Does not collect user data.

We have configured these tools to avoid transferring personal data wherever possible. Where data is transferred to third countries, we inform you transparently.

8. Data Transfers to Third Countries

Some data (e.g. technical logs) may be transferred to countries outside the EU, including the United States. Where no adequacy decision exists, we rely on your explicit consent under Article 49(1)(a) GDPR, and take appropriate security measures to minimize risk.

Please be aware that such transfers may involve risks such as access by foreign authorities without sufficient legal remedies.

9. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy:

• Contact form data: deleted after 12 months
• Server logs: deleted after 30 days
• Cookie preferences: stored for up to 13 months (per CNIL recommendations)

10. Your Rights

• Under the GDPR, you have the following rights:
• The right to access your personal data (Article 15)
• The right to correct inaccurate data (Article 16)
• The right to request deletion (Article 17)
• The right to restrict processing (Article 18)
• The right to data portability (Article 20)
• The right to object to processing (Article 21)
• The right to withdraw consent at any time (Article 7)

To exercise your rights, contact us at:
email@sustainandmaintain.fr

You also have the right to lodge a complaint with the Commission Nationale de l’Informatique et des Libertés (CNIL):
https://www.cnil.fr

11. Data Security

We implement appropriate technical and organizational measures to protect your data in accordance with Article 32 GDPR. These include:

SSL/TLS encryption (https)

Server and access security

Regular data backups

Anti-spam protection

Data minimization

12. Updates to This Privacy Policy

We may update this privacy policy to reflect changes in the law or in our practices. The current version will always be available at:
https://www.sustainandmaintain.fr/privacy-policy

13. Contact

If you have any questions regarding this privacy policy or how your data is processed, please contact:

Sustain & Maintain SAS
Attn: Jana Werner
564 Chemin de Grezac, Villa Rose
30700 Uzès
France
email@sustainandmaintain.fr