Request a quote
EN

Privacy policy

Caeterra (publisher of easytochange.co) attaches major importance to the protection of your personal data. This policy explains clearly and transparently what data we collect, why, how long we retain it, and how you can exercise your rights.

Contents

1. Data controller

The data controller for your personal data is:

Caeterra
Société par actions simplifiée (French simplified joint-stock company)
17 boulevard de Strasbourg, 62000 Arras, France
Arras Trade and Companies Register — SIREN: 921 547 956
Contact: via the contact page

2. Data collected and purposes

2.1 — Quote, contact, catalogue and pricing forms

When you fill in one of our forms (managed by Fillout), we collect:

  • Identity: surname, first name, role in the company.
  • Professional contact details: business email, telephone number, company name, site address.
  • Information on your needs: number of smoking areas, number of employees, number of visitors, number of sites concerned, type of service desired.
  • Free-form message you send us (if applicable).

Purposes: respond to your request, prepare a tailored quote, send you our catalogue or pricing, and where applicable manage our commercial and contractual relationship.

2.2 — Audience measurement (self-hosted Matomo)

We use self-hosted Matomo Analytics (on the subdomain analytics.easyto.fr) to measure site traffic and understand user journeys. This tool is configured to:

  • Place no persistent tracking cookie.
  • Automatically respect the "Do Not Track" signal from your browser.
  • Anonymise IP addresses at storage.
  • Transmit no data to a third party or outside the European Union.

The data collected (pages visited, duration, traffic source, device type) is aggregated and anonymous.

2.3 — Advertising and measurement tools (on consent)

If you consent via our cookie banner, we activate:

  • Google Tag Manager: tag orchestrator (triggers other tools based on your consent).
  • Google Ads (conversion tracking): to measure the effectiveness of our Google Ads campaigns.
  • GetQuanty: identification of companies that have visited our site (B2B), from their public IP address. No individually identifying personal data is collected by this tool.
  • UTM tracking: utm_source, utm_campaign, utm_medium, gclid, fbclid parameters stored locally in your browser for 30 days to correctly attribute the traffic source to a subsequent conversion.

3. Legal bases for processing

In accordance with article 6 of the GDPR, the processing of your data is based on:

  • Consent (art. 6.1.a): for non-essential advertising and measurement cookies, collected via the cookie banner.
  • Performance of pre-contractual measures (art. 6.1.b): for the processing of quote, catalogue or contact requests.
  • Legitimate interest (art. 6.1.f): for anonymised audience measurement (cookie-less Matomo) and site security. This legitimate interest is balanced against your rights and freedoms.

4. Retention period

  • Unconverted quote / contact requests: 3 years from last contact, in line with French CNIL recommendations for B2B prospecting.
  • Client data (signed quotes, contracts): duration of the commercial relationship, then 10 years after the end of the contract (accounting and tax obligations).
  • Aggregated Matomo data: 13 months maximum.
  • Consent cookies (CookieYes): 6 months.
  • Marketing cookies (on consent): 13 months maximum (CNIL recommendation).
  • Locally stored UTMs: 30 days.

5. Recipients and processors

Your data may be transmitted to internal Caeterra services (sales team, customer service) and to the following processors, chosen for their security level and GDPR compliance:

  • Infomaniak Network SA (Switzerland) — site hosting. Data: pages visited, server logs.
  • Fillout Inc. (United States, Data Privacy Framework certified) — online form management. Data: everything you enter in the forms.
  • Google Ireland Limited — Google Tag Manager and Google Ads (on consent only). Data: conversion events.
  • CookieYes Limited (Ireland) — cookie consent management. Data: your consent choice.
  • GetQuanty (France) — B2B identification (on consent). Data: public connection IP address.
  • Matomo host (Infomaniak, Switzerland) — self-hosted analytics. Data: anonymised browsing.
  • MéGO and clikeco (France) — operational partners for collection and recycling. Data: only client site contact details and collected volumes, under a signed contract.

All our processors are bound by contract to strict confidentiality and security obligations, in accordance with article 28 of the GDPR.

6. Transfers outside the European Union

Some of our processors are based outside the European Union:

  • Switzerland (Infomaniak): country benefiting from an adequacy decision from the European Commission. Level of protection equivalent to the GDPR.
  • United States (Fillout, Google): transfers framed by the certified Data Privacy Framework (DPF) and/or standard contractual clauses (SCC) approved by the European Commission.

7. Your rights

In accordance with articles 15 to 22 of the GDPR, you have the following rights over your personal data:

  • Right of access: obtain confirmation that your data is being processed and receive a copy of it.
  • Right to rectification: have inaccurate or incomplete data corrected.
  • Right to erasure ("right to be forgotten"): request the deletion of your data in the cases provided for by the GDPR.
  • Right to restriction of processing: suspend the use of your data in certain cases.
  • Right to portability: receive your data in a structured, machine-readable format.
  • Right to object: object to the processing of your data, in particular for commercial prospecting purposes.
  • Right to withdraw your consent at any time, without this calling into question the lawfulness of previous processing.
  • Right to define guidelines on what happens to your data after your death.

To exercise these rights, contact us via the contact page. A response will be provided within a maximum of one month from receipt of your request. Proof of identity may be requested in case of reasonable doubt about your identity.

8. Security

We implement appropriate technical and organisational measures to protect your data against any destruction, loss, alteration, disclosure or unauthorised access, in particular:

  • Systematic HTTPS encryption of communications (TLS 1.3).
  • Hosting in a secure data centre at Infomaniak (ISO 27001 and ISO 9001 certifications).
  • Access to data limited to authorised personnel, on the principle of least privilege.
  • Regular encrypted backups.
  • Team awareness of IT security best practices.

9. Contact and complaint

For any question concerning this policy or the exercise of your rights, contact us via the contact page. Caeterra is not required to appoint a Data Protection Officer (DPO) given its activity, but handles all requests with care.

If you consider, after having contacted us, that your rights are not respected, you have the right to lodge a complaint with the French Data Protection Authority (CNIL):

CNIL — 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France
Website: www.cnil.fr

Last update: May 2026.