This document is an English translation provided for convenience. The French version of this Privacy Policy is the legally binding reference.
Last updated: April 27, 2026
What is this Privacy Policy?
This Privacy Policy informs you of the "processing" of your "personal data" in compliance with applicable regulations, including (i) Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data ("GDPR"), and (ii) French Act No. 78-17 of 6 January 1978 on Information Technology, Data Files and Civil Liberties ("LIL").
Who is this Privacy Policy for?
This Privacy Policy applies to Users of the Website.
By visiting the Lupin & Holmes website, the User accepts this Privacy Policy, regardless of the device used.
The following terms have the meanings set out below:
- "User" means the natural person browsing the Website from their device via an electronic communications network.
- "Website" means the landh.tech website operated by Lupin & Holmes.
- "Cookie / tracker": "a small file stored by a server on the device (computer, phone, etc.) of a user and associated with a web domain (i.e., in most cases, with all the pages of the same website). This file is automatically returned during subsequent contacts with the same domain." (CNIL)
- "Personal data": "any information relating to an identified or identifiable natural person." (Article 4.1 GDPR)
- "Data controller": "the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing..." (Article 4.7 GDPR)
- "Processing": "any operation or set of operations which is performed on personal data or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction." (Article 4.2 GDPR)
- "Personal data breach": "a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed." (Article 4.12 GDPR)
Can this Privacy Policy change?
This Privacy Policy may be updated at any time in the event of legal, case-law, or regulatory developments. The version in force is the one available on the Website.
What types of personal data are collected?
Lupin & Holmes collects two types of personal data:
- Connection logs of Users (IP address, user agent);
- Contact data of a User collected by Lupin & Holmes following a contact request initiated by a User (last name, first name, email address used by the User, professional title / role, phone number).
In collecting the personal data described above, Lupin & Holmes acts on its own behalf as the "data controller".
How is my personal data collected?
Lupin & Holmes limits data collection to the strict minimum necessary:
- (i) Your IP address;
- (ii) Your User-Agent (information about your browser and operating system);
- (iii) The headers transmitted by your browser;
- (iv) The referrer (the site or page that redirected you to Lupin & Holmes).
Lupin & Holmes does not use any cookies on this site. No additional information (such as your name, contact details, or any other personal data) is collected without your prior consent.
For what purpose is my personal data processed?
Personal data (User connection logs) is collected by Lupin & Holmes for several purposes:
- To ensure navigation on the Website (Article 6.1.b GDPR);
- To pursue the legitimate interest of the security of the information system and of the Lupin & Holmes Website (Article 6.1.f GDPR).
Personal data (contact data of a User as a prospect, following a contact request from the User) is processed by Lupin & Holmes for the following purpose:
- To manage Lupin & Holmes' prospects (Article 6.1.f GDPR).
How long is my personal data stored?
User connection logs are stored for a maximum period of seven (7) days after their collection by Lupin & Holmes.
User contact data is stored for a maximum period of two (2) years from the User's contact request, in their capacity as a prospect (CNIL deliberation SAN 2020-003 of 28 July 2020).
After these respective periods, the personal data collected will be erased from Lupin & Holmes' databases.
What rules apply to cookies?
The cookies used by Lupin & Holmes comply with (i) the EU "e-Privacy" directive of 12 July 2022, (ii) Article 82 of the LIL, (iii) CNIL deliberation No. 2020-091, and (iv) CNIL deliberation No. 2020-092 of 17 September 2020, supplemented by (v) the CNIL Q&A published on 18 March 2021.
The rules applicable to cookies / trackers currently require Lupin & Holmes to obtain prior consent if Lupin & Holmes wishes to use a cookie on a User's device.
By way of exception, the rules applicable to cookies / trackers currently allow a cookie / tracker to be placed on a User's device without consent (but with prior information), and therefore allow the use of the processing and/or storage capacities of the device and the carrying out of read and/or write operations, where the cookie / tracker:
- (i) "has the sole purpose of enabling or facilitating communication by electronic means"; or
- (ii) "is strictly necessary for the provision of an online communication service at the express request of the user" (CNIL deliberation No. 2020-091).
On this basis, the cookies / trackers implemented by Lupin & Holmes benefit from the exemption regime from the requirement of prior consent (CNIL deliberation No. 2020-091):
- (i) trackers preserving the choice expressed by users regarding the deposit of trackers;
- (ii) trackers intended for authentication to a service, including those aimed at securing the authentication mechanism, for example by limiting robotic or unexpected access attempts;
- (iii) trackers intended to keep in memory the contents of a shopping cart on a merchant site or to bill the user for the products and/or services purchased;
- (iv) trackers used to personalise the user interface (for example, to choose the language or the presentation of a service), where such personalisation is an intrinsic and expected element of the service;
- (v) trackers enabling load balancing of equipment contributing to a communication service;
- (vi) trackers allowing paid sites to limit free access to a sample of content requested by users (in a predefined quantity and/or over a limited period);
- (vii) "audience-measurement trackers for the site or application, in order to meet various needs (performance measurement, detection of navigation issues, optimisation of technical performance or ergonomics, estimation of required server power, analysis of content viewed, etc.)".
To whom is my personal data transmitted?
The personal data collected by Lupin & Holmes is not transmitted to any third party for any purpose.
How is my personal data protected?
Lupin & Holmes implements appropriate technical and organisational measures to ensure the protection of the personal data of its Users that it has collected (Article 32 GDPR).
What happens in the event of a breach of my personal data?
In the event of a "personal data breach" affecting data collected by Lupin & Holmes, Lupin & Holmes will notify the CNIL as soon as possible and, where feasible, no later than 72 hours after becoming aware of it (Article 33 GDPR).
If the personal data breach is likely to result in a high risk to the Users concerned, Lupin & Holmes will then communicate to the Users concerned (i) the existence of this breach of their personal data as soon as possible and (ii) the necessary information and recommendations (Article 34 GDPR).
What rights can I exercise over my data?
Right of access: The User has the right to ask Lupin & Holmes for a copy of the personal data that has been processed by Lupin & Holmes.
Right to rectification: The User has the right to rectify or update their personal data that Lupin & Holmes has collected.
Right to erasure: The User's right to erasure of their personal data is available in the following cases:
- where the User's personal data is no longer necessary in relation to the purposes for which it was collected or processed;
- where the User objects to processing necessary for the legitimate interests pursued by Lupin & Holmes and there are no overriding legitimate grounds for the processing;
- where the User's personal data has been unlawfully processed.
Right to restriction: This right does not apply, since the processing carried out by Lupin & Holmes is lawful and all personal data collected is necessary (i) for browsing the Website and (ii) for the contact request initiated by the User.
Right to portability: The right to portability does not apply, since it only applies where the processing of personal data is based on the legal basis of consent or a contract (Article 20 GDPR), which does not correspond to the legal bases for processing the personal data of Lupin & Holmes' Users.
Right to object: The right to object does not apply, since the processing of Users' personal data has the sole purposes of (i) ensuring proper navigation on the Website, (ii) ensuring the legitimate interest of the security of Lupin & Holmes' information system and Website, and (iii) properly managing Lupin & Holmes' prospects. No User profiling is carried out by Lupin & Holmes (Article 21 GDPR).
How can I exercise my rights?
To exercise their rights regarding the processing of their personal data, the User may contact Lupin & Holmes at the following email address: [email protected].
The User may contact Lupin & Holmes at any time to exercise their rights over their personal data.
In the event of a dispute, the User has the right to lodge a complaint with the French Data Protection Authority (Commission Nationale de l'Informatique et des Libertés — CNIL).
Who can I contact for more information?
If you would like to obtain additional information, you can contact: [email protected].
