1. Data Controller
The data controller for personal data collected via the website tena-plasticienne.com East :
- Name : Maïtena Labarbe
- Email: contact@tena-plasticienne.com
Data Protection Officer (DPO): Maïtena Labarbe
2. Data collected
Depending on your use of the site, we may collect the following categories of data:
- Identification data: surname, first name; ;
- Contact details: email address, telephone number, company; ;
- data contained in your messages; ;
- Technical connection data (IP address, browser, operating system); ;
- data related to navigation and audience measurement; ;
- data related to your cookie consent choices.
3. Collection Cases
Your data may be collected when you:
- use the contact form; ;
- request information or a callback; ;
- accept certain cookies or trackers during your visit; ;
- browse the site (audience measurement tools or external content enabled).
4. Purposes and legal basis
| Purpose | Legal basis |
| Responding to your contact requests (contact form) | Legitimate interest / performance of pre-contractual measures |
| Administrative follow-up | Performance of an agreement / legitimate interest |
| Site security and fraud prevention | Legitimate interest |
| Audience measurement (CNIL exempt) | Legitimate interest |
| Preservation of proof of consent | Legal obligation (GDPR) |
5. Data Recipients
The data is accessible to authorized personnel within Tena Plastic Artist.
They may be transmitted to subcontractors and technical service providers strictly necessary for the operation of the site:
- maintenance provider: D-FUZION, France ;
- audience measurement tool: Google Analytics, USA ;
- email sending service: O2Switch, France;
- other tools activated with your consent (see Cookie Policy).
No data is sold or transferred to third parties for commercial purposes.
6. Shelf life
The data is kept only for as long as strictly necessary for each purpose:
| Data category | Shelf life |
| Requests via contact form | 3 years from the date of last contact |
| Active customer/prospect data | 3 years from the date of the last commercial contact |
| Customer data (executed contracts) | 5 years (legal statute of limitations) |
| Technical logs (access, errors) | 12 months (CNIL/ANSSI recommendation) |
| Cookie consent log | 13 months |
| Audience measurement data | 13 months |
7. Data transfers outside the European Union
Some tools and services used on this site may involve the transfer of personal data to countries outside the European Union, including to the UNITED STATES.
Services concerned
| Service | Editor | Country | Transfer framework |
| Vimeo | Vimeo Inc | UNITED STATES | EU-US Data Privacy Framework (DPF) |
| YouTube | Google LLC | UNITED STATES | EU-US Data Privacy Framework (DPF) |
| Google Analytics 4 | Google LLC | UNITED STATES | EU-US Data Privacy Framework (DPF) |
EU-US Data Privacy Framework
These transfers are based on the European Commission adequacy decision No. 2023/1795 of 10 July 2023 relating to the EU-US Data Privacy Framework (DPF). This framework guarantees a level of data protection equivalent to that of the European Union for certified US companies.
The DPF certification of the services used can be verified on the official register: https://www.dataprivacyframework.gov.
In addition, and in the event that the DPF is invalidated, standard contractual clauses (CCT) adopted by the European Commission would be put in place as an alternative transfer mechanism (Art. 46 GDPR).
8. Your rights
In accordance with Regulation (EU) 2016/679 (GDPR) and the French Data Protection Act, you have the following rights:
- Right of access (Art. 15): obtain a copy of your data; ;
- Right of rectification (Art. 16): correct inaccurate data; ;
- Right to erasure (Art. 17): request the removal in the cases provided for; ;
- Right to limitation (Art. 18): suspend treatment in certain cases; ;
- Right to object (Art. 21): to object to processing based on legitimate interest; ;
- Right to portability (Art. 20): to retrieve your data in a structured format, where this right applies; ;
- Right to withdraw consent (Art. 7): at any time, without calling into question the legality of the previous treatment; ;
- Right to define post-mortem directives (Data Protection Act): relating to the fate of your data after your death.
9. How to exercise your rights
You can exercise your rights:
- By email: contact@tena-plasticienne.com
We will acknowledge receipt of your request and respond to you. within one month from the date of receipt (Art. 12 GDPR). This period may be extended by a further two months due to the complexity or number of requests; we will inform you within one month of the extension, explaining the reasons for it.
We may be led to verify your identity in order to protect your data against unauthorized access.
If you receive an unsatisfactory response or no response within the given timeframe, you can file a complaint with the CNIL :
National Commission for Information Technology and Freedoms (CNIL)
3 Place de Fontenoy — TSA 80715 — 75334 Paris Cedex 07
Online form: www.cnil.fr/fr/plaintes
10. Security
We implement appropriate technical and organizational measures to protect your data against unauthorized access, loss, alteration, disclosure or destruction (Art. 32 GDPR).
11. Modifications
This policy may be modified at any time to reflect legal, technical, or organizational developments. In the event of a substantial change, we will inform you through an appropriate means.
Last updated: 27/05/2026