Skip to content
Sushi & Nem
fren
Call usOrder on Uber Eats

GDPR · French Data Protection Act

Privacy policy

This policy describes how SUSHI & NEM collects, uses and protects your personal data. Last updated: April 23, 2026.

Data controller

Legal name
SUSHI & NEM
SIRET
99085952200015
Address
2 Avenue d'Évian, 74200 Thonon-les-Bains, France
Contact
sushinemthononlesbains@hotmail.com

Data collected

We only collect data you voluntarily share, namely:

  • Via the contact form: first name, last name, email, phone (optional), message.
  • Via phone or email: whatever information you choose to share.
  • Via technical cookies: consent preferences (6-month retention).

No sensitive data (health, political or religious opinions, etc.) is collected. No profiling or automated decision-making is performed.

Purposes and legal basis

  • Reply to your messages legal basis: pre-contractual measures at your request (art. 6-1-b GDPR).
  • Manage your cookie consent legal basis: consent (art. 6-1-a GDPR) and legitimate interest for strictly necessary cookies.
  • Measure website audience legal basis: consent (if audience measurement is enabled).

Retention period

  • Contact form messages: 3 years from the last exchange.
  • Consent cookies: 6 months.
  • Billing-related data: 10 years (accounting obligation).

Recipients and processors

Your data is never sold. It may be processed by the following sub-processors, strictly for the purposes listed above:

  • OVH CLOUD FRANCE website hosting (Roubaix, France).
  • Amazon SES email delivery from the contact form via Mail Hub Jarvis platform (EU).
  • Google Maps embedded map, loaded only after your consent (USA — standard contractual clauses).
  • Elfsight Google reviews and Instagram widgets, loaded only after your consent.
  • Instagram (Meta), Facebook, Uber Eats outbound links to our pages / store. These services apply their own policies.

Transfers outside the EU

Some sub-processors (Google, Elfsight, Meta) may transfer your data to the United States. These transfers are covered by the European Commission's standard contractual clauses and the EU-US Data Privacy Framework. They only occur after your explicit consent.

Cookies

No third-party cookie is set before your explicit consent. The CNIL-compliant banner, shown on your first visit, lets you accept or refuse each category.

  • Strictly necessary storage of your consent preferences (always active, no opt-out).
  • Widgets Google reviews (Elfsight), Instagram, Google Maps. Opt-in.
  • Audience measurement anonymous statistics (Plausible if enabled). Opt-in.

You can change your choices at any time via the floating badge at the bottom-left of every page.

Your rights

Under Regulation (EU) 2016/679 (GDPR) and the French Data Protection Act, you have the following rights:

  • Right of access to your data.
  • Right to rectification.
  • Right to erasure (right to be forgotten).
  • Right to restrict processing.
  • Right to data portability.
  • Right to object.
  • Right to set post-mortem directives regarding your data.
  • Right to withdraw your consent at any time.

To exercise these rights, email us at sushinemthononlesbains@hotmail.com. We reply within 30 days maximum.

Data security

The site is hosted on a private OVH server (France), encrypted with HTTPS/TLS. Form communications are end-to-end secured. Data access is restricted to authorised personnel only.

Complaint to the CNIL

If you believe — after contacting us — that your rights are not respected, you may file a complaint with the CNIL (French data protection authority):

Commission Nationale de l'Informatique et des Libertés (CNIL)
3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07
www.cnil.fr

Changes to this policy

We may update this policy to reflect legal or technical changes. The last-update date at the top of the page applies. Substantial changes will be flagged via a banner on the site.

See also: legal notice.

Privacy policy — Sushi & Nem