Legal information
Privacy Policy
1. DATA CONTROLLER
The controller of personal data processing is:
BENOIST ROUSSEAU SLU
20 carrer Josep Viladomat, Parc de la Mola 3
AD700 Escaldes-Engordany
Andorra
Email: benoist@benoistrousseau.com
2. DATA COLLECTED
The data likely to be collected are:
- First and last name
- Email address
- IP address
- Connection data
- Browsing data
- Messages sent via form or comments
No automated decision producing legal effects is made on the basis of your data. No profiling is carried out.
3. PURPOSES OF PROCESSING
The data are collected for:
- managing user accounts
- sending newsletters
- improving the user experience
- preventing fraud and spam
- legal and administrative obligations
4. LEGAL BASIS
The processing of data is based on:
- for the newsletter, the user's consent
- for security, the legitimate interest of the data controller
- for requests via the contact form, the user's consent
5. NEWSLETTER
Subscription to the newsletter is voluntary.
It relies on a double opt-in system:
- initial registration
- confirmation via email
Without confirmation, the data are deleted within 7 days.
Each email contains an unsubscribe link allowing:
- the immediate cessation of mailings
- the deletion of data within 7 days
6. COMMENTS AND FORMS
When publishing a comment or a message:
- the data entered
- the IP address
- the date and time
may be recorded in order to:
- combat spam
- ensure the security of the site
7. COOKIES
The site uses strictly necessary cookies:
- technical operation
- session management
- user preferences
No advertising cookies are used.
Duration:
- session cookies: temporary
- preference cookies: up to 1 year
The user can delete cookies via their browser.
8. THIRD-PARTY CONTENT
The site may embed external content (e.g., YouTube).
These services may:
- collect data
- set cookies
- track user activity
The publisher is not responsible for the policies of these services.
9. DATA RECIPIENTS AND TRANSFERS
Personal data may be passed on only to the providers strictly necessary for delivering the service. No data is sold, rented, or transferred for commercial purposes.
Providers and processors:
Provider | Operator | Processing country | Purpose | Transfer safeguard |
|---|---|---|---|---|
o2switch | o2switch SARL | France (EU) | Hosting of the site and data | Adequate level of protection |
GetResponse | GetResponse Inc. | Poland (EU) and United States | Management and sending of the newsletter | Standard contractual clauses (art. 39 LQPD) and a Data Processing Agreement (DPA) compliant with Chapter V of the GDPR |
YouTube | Google LLC | United States | Hosting of embedded videos | Standard contractual clauses (art. 39 LQPD) |
WordPress | Automattic Inc. | United States | Content management system | Standard contractual clauses (art. 39 LQPD) |
Details on transfers outside Andorra and outside the EU
Some providers may process personal data outside Andorra and the European Union, in particular in the United States. In accordance with article 39 of Qualified Law 29/2021 on personal data protection (LQPD), these transfers are governed by the following mechanisms:
- Standard contractual clauses (SCCs): contracts compliant with the templates approved by the competent authorities, ensuring a level of data protection equivalent to that provided by the LQPD and the GDPR;
- Data Processing Agreements (DPAs): data processing agreements concluded with each processor, defining the respective obligations regarding the security, purpose, and duration of processing;
- Adequate level of protection: for providers located in the EU or in countries recognized as offering an adequate level of protection.
Specific case: GetResponse
The newsletter service is provided by GetResponse Inc., a company incorporated under U.S. law (Delaware), which also has infrastructure in the European Union (Poland). Newsletter subscribers' data (email address, connection data, interactions with emails) may be processed both in the EU and in the United States. This transfer is governed by a Data Processing Agreement compliant with article 28 of the GDPR and by standard contractual clauses ensuring an equivalent level of protection.
The user may consult GetResponse's DPA at the following address: https://www.getresponse.com/legal/data-processing-agreement
Commitments of BENOIST ROUSSEAU SLU
BENOIST ROUSSEAU SLU undertakes to:
- use only processors offering sufficient safeguards regarding data protection;
- conclude with each processor a processing agreement compliant with the LQPD;
- inform users of any change of processor involving a transfer to a third country;
- update this list in the event of the addition or removal of a provider.
The list of processors was last updated on 2 January 2026.
10. RETENTION PERIOD
Personal data are retained for the following periods:
- Newsletter: 7 days after unsubscription
- Comments: 5 years from the last account activity, or the lifetime of the commented content
11. USER RIGHTS
In accordance with Qualified Law 29/2021 of 28 October on personal data protection (LQPD), the user has the following rights over their personal data:
Right | Description |
|---|---|
Access | Obtain confirmation that data concerning you are being processed and receive a copy |
Rectification | Have inaccurate data corrected or incomplete data completed |
Erasure | Request the deletion of your data when they are no longer necessary for the purpose for which they were collected |
Objection | Object to the processing of your data on legitimate grounds |
Restriction | Request the restriction of processing in certain circumstances |
Portability | Receive your data in a structured, commonly used, and machine-readable format |
How to exercise your rights
Any request may be sent by email to:
To facilitate the handling of your request, please specify:
- the right you wish to exercise;
- your contact details (first name, last name, email address associated with your account);
- any information enabling you to be identified as a user of the site.
Exercising these rights is free of charge. However, in the case of manifestly unfounded or excessive requests, in particular due to their repetitive nature, BENOIST ROUSSEAU SLU may charge a reasonable fee or refuse to act on the request, giving reasons for its decision.
Response times
BENOIST ROUSSEAU SLU undertakes to acknowledge receipt of your request within 72 hours.
A reasoned response will be provided within a maximum of one (1) month from receipt of the request, in accordance with the LQPD.
This period may be extended by a further two (2) months if the complexity or number of requests justifies it. In this case, BENOIST ROUSSEAU SLU will inform you of the extension and its reasons within the initial one-month period.
In the event of a refusal, the response will state the reasons for the refusal as well as the possibility of lodging a complaint with the supervisory authority.
Identity verification
BENOIST ROUSSEAU SLU may ask you to provide proof of identity in order to ensure that the request comes from the holder of the data concerned. This verification aims to protect your data against any unauthorized access.
Complaint to the supervisory authority
If you consider that your data protection rights are not being respected, you may lodge a complaint with the Andorran Data Protection Agency (APDA):
12. SECURITY
BENOIST ROUSSEAU SLU implements:
- technical measures
- organizational measures
in order to protect personal data.
13. AMENDMENT OF THIS POLICY
Right to amend
BENOIST ROUSSEAU SLU reserves the right to amend this Privacy Policy at any time, in particular to adapt it to legal, regulatory, or technical developments or to changes affecting the data processing carried out.
Minor amendments
Minor amendments (typographical corrections, rewording with no impact on the user's rights, link updates) take effect upon their publication on the site. The last-updated date shown at the bottom of the document prevails.
Substantial amendments
Any substantial amendment to this policy will be notified to users holding an account, by email, at least 30 days before it takes effect.
Amendments relating in particular to the following are considered substantial:
- the purposes of the processing of personal data;
- the categories of data collected;
- the recipients or processors with access to the data;
- transfers of data to a new third country;
- retention periods;
- the procedures for exercising user rights;
- the addition of tracking technologies or cookies that are not strictly necessary.
The notification will specify the nature of the amendments made, the effective date, and the link to the full version of the updated policy.
Consultation and objection
The user is invited to consult this policy regularly.
If the user objects to a substantial amendment, they may:
- exercise their rights of erasure and objection in accordance with section 11 of this policy, by sending a request to benoist@benoistrousseau.com;
- unsubscribe from the newsletter via the link provided for that purpose;
- request the deletion of their account in accordance with the conditions set out in the Terms of Use.
Version history
The applicable version is the one in force on the site at the time of browsing or of use of the service.
14. APPLICABLE LAW
This policy is governed by Andorran law.
In the event of a dispute, the Andorran courts shall have jurisdiction, subject to the mandatory provisions applicable in the user's country of residence.
15. MANAGEMENT OF PERSONAL DATA BREACHES
Definition
A personal data breach is any security incident leading, accidentally or unlawfully, to the destruction, loss, alteration, unauthorized disclosure of, or unauthorized access to personal data processed by BENOIST ROUSSEAU SLU.
This includes in particular:
- an intrusion or unauthorized access to IT systems;
- the loss or theft of equipment containing personal data;
- the accidental sending of personal data to an incorrect recipient;
- the accidental deletion of data without the possibility of restoration;
- any incident affecting the confidentiality, integrity, or availability of the data.
Internal detection and assessment procedure
As soon as it becomes aware of an incident likely to constitute a data breach, BENOIST ROUSSEAU SLU undertakes to:
1. Contain the incident: immediately take the technical measures necessary to limit the scope of the breach (suspension of access, change of passwords, isolation of the systems concerned).
2. Assess the breach: determine as quickly as possible the nature of the incident, the categories and volume of data concerned, the categories and approximate number of people affected, and the likely consequences of the breach.
3. Document the incident: record all the facts relating to the breach, its effects, and the corrective measures taken. This record is kept and made available to the APDA.
Notification to the Andorran Data Protection Agency (APDA)
In accordance with Qualified Law 29/2021 (LQPD), where the breach is likely to result in a risk to the rights and freedoms of the persons concerned, BENOIST ROUSSEAU SLU will notify the APDA as soon as possible and no later than 72 hours after becoming aware of it.
The notification will contain:
- a description of the nature of the breach;
- the categories and approximate number of people concerned;
- the categories and approximate volume of data concerned;
- the likely consequences of the breach;
- the measures taken or proposed to remedy the breach and mitigate its effects.
If all of this information cannot be provided within the 72-hour period, the notification will be made in stages, with the additional information being provided as soon as it is available. Any exceeding of the 72-hour period will be accompanied by a justification.
Informing the persons concerned
Where the breach is likely to result in a high risk to the rights and freedoms of the persons concerned, BENOIST ROUSSEAU SLU will inform them without undue delay, in clear and plain language.
This communication will specify:
- the nature of the breach;
- the likely consequences;
- the measures taken to remedy it;
- the recommendations to follow for self-protection (changing passwords, increased vigilance, etc.);
- the contact details of the point of contact for any questions.
Exceptions to informing the persons
Individual notification of the persons concerned is not required where:
- appropriate protective measures were implemented beforehand, rendering the data unintelligible to any unauthorized person (in particular encryption);
- subsequent measures were taken ensuring that the high risk will no longer materialize;
- individual notification would require disproportionate effort, in which case a public communication will be made.
Contact
If you have any questions about the security of your data, you may contact BENOIST ROUSSEAU SLU at the following address:
If you consider that your rights have not been respected following an incident, you may lodge a complaint with the APDA: www.apda.ad