Privacy policy

Last updated: May 1, 2026

This privacy policy describes how ETOILYS collects and processes personal data from users of the website www.etoilys.fr, in particular when they use the contact form or the classification request form.

ETOILYS attaches particular importance to the protection of personal data and undertakes to process this data lawfully, fairly, transparently and proportionately to the purposes pursued.

1. Data controller

The data controller is:

ETOILYS

SAS with share capital of EUR 2,000

RCS Bergerac 939 330 809

Registered office: 1345 route de Dautres, 24150 Mauzac-et-Grand-Castang, France

Email: contact@etoilys.fr

Phone: +33 6 49 55 15 40

For any question about this policy or the processing of your personal data, you can contact us at: contact@etoilys.fr.

2. Personal data collected

Depending on the forms and exchanges, ETOILYS may collect the following categories of data:

  • identification and contact data: last name, first name, email address, phone number;
  • data relating to your request: subject of the request, message content, information about your classification project;
  • data relating to the furnished accommodation concerned: property address, characteristics useful for reviewing the request, and more generally any information you choose to send us;
  • technical data linked to site use: IP address, technical logs, security data, information needed to prevent abuse and operate the forms;
  • data from an anti-spam or anti-bot system, when this mechanism is used to secure form submissions;
  • audience measurement data: browsing journey, pages viewed, interactions with buttons, forms and simulators, only after analytics consent has been accepted.

ETOILYS ensures that it collects only the data strictly necessary to process the requests addressed to it.

3. Purposes and legal bases of processing

Your personal data is processed for the following purposes:

a) Replying to requests sent through the contact form

Legal basis: ETOILYS' legitimate interest in replying to requests received or, depending on the nature of the request, pre-contractual measures taken at your request.

b) Reviewing and processing classification or quotation requests

Legal basis: pre-contractual measures taken at your request and, where applicable, performance of the contract if a contractual relationship is entered into.

c) Administrative and commercial follow-up of the relationship

Legal basis: performance of the contract, pre-contractual measures or legitimate interest depending on the stage of the relationship.

d) Securing the site, preventing spam, automated submissions and abusive use

Legal basis: ETOILYS' legitimate interest in protecting its site, forms and services. The CNIL also cites CAPTCHA-type measures among the measures that may be used for a legitimate technical protection purpose.

e) Complying with applicable legal, accounting, tax or evidentiary obligations

Legal basis: legal obligation.

4. Recipients of the data

The personal data collected is intended only for authorised persons within ETOILYS, to the extent necessary to manage your request.

It may also be sent to technical service providers acting on behalf of ETOILYS, in particular for:

  • hosting and technical operation of the site;
  • technical processing of forms;
  • sending and routing emails;
  • securing forms and preventing abuse;
  • technical storage or management of application logs.

In this respect, the site may rely in particular on the following services, depending on its actual configuration:

  • Vercel for site hosting and operation;
  • Supabase for certain technical or processing functions;
  • Resend for email routing;
  • Cloudflare Turnstile for anti-bot protection on forms;
  • PostHog for audience measurement and journey analysis, only after analytics consent has been accepted.

ETOILYS does not voluntarily send PostHog any name, email address, phone number, postal address or free-text message content entered in forms.

ETOILYS does not sell your personal data to third parties.

5. Transfers of data outside the European Union

Some technical service providers used by ETOILYS may be located or process certain data outside the European Union or the European Economic Area.

Where such transfers take place, ETOILYS ensures that they are governed by appropriate safeguards, for example:

  • standard contractual clauses approved by the European Commission;
  • or, where applicable, a recognised mechanism such as the Data Privacy Framework.

6. Retention periods

ETOILYS keeps your personal data only for the period necessary for the purposes pursued, then for the periods required to meet its legal obligations or defend its rights.

In principle:

  • data relating to a contact request or classification request without a subsequent contractual relationship is kept for the time needed to process the request, then may be kept for up to 3 years from the last contact from the person concerned, for commercial follow-up or renewed contact;
  • in the event of a contractual relationship, the data is kept for the duration of the relationship, then archived for the applicable legal periods;
  • contracts and commercial correspondence may be kept for 5 years;
  • invoices and accounting documents are kept for 10 years;
  • information needed to manage an objection to marketing may be kept for 3 years in order to take your choice into account.

7. Data security

ETOILYS implements appropriate technical and organisational measures to preserve the security, integrity and confidentiality of personal data, and in particular to prevent its alteration, loss, disclosure or unauthorised access.

8. Your rights

In accordance with the applicable regulations, you have, depending on the case, the following rights:

  • right of access to your data;
  • right to rectification;
  • right to erasure;
  • right to restriction of processing;
  • right to object;
  • right to data portability where applicable;
  • right to withdraw your consent at any time when processing is based on consent.

You can exercise your rights by writing to: contact@etoilys.fr

If there is reasonable doubt about your identity, proof of identity may be requested in order to secure the processing of your request.

ETOILYS will endeavour to reply as soon as possible and, in any event, within the maximum legal period applicable. The CNIL states that this period is in principle one month.

If, after contacting us, you consider that your rights have not been respected, you may lodge a complaint with the CNIL.

9. Cookies and other trackers

The site may use cookies or other trackers necessary for its operation, security or form submission.

In accordance with the rules recalled by the CNIL, some trackers may be exempt from consent when they are strictly necessary for the operation of the requested service or for certain accepted technical purposes. By contrast, cookies or trackers that are not strictly necessary may only be placed after your consent has been collected.

The cookie management mechanism allows you to accept, refuse or change your choice relating to audience measurement. This choice is kept for 6 months, after which a new choice may be requested.

In this respect, PostHog is used on the site only after analytics consent has been accepted. The events sent are limited to journey information and values grouped by ranges; full URLs, query parameters and free-text form content are not voluntarily transmitted.

10. Changes to this policy

ETOILYS may amend this privacy policy at any time, in particular to take account of legal, regulatory or technical developments, or changes in the processing carried out on the site.

The applicable version is the one published on the site on the date of your visit.

Cookies and audience measurement

Etoilys uses PostHog to measure website audience and understand how pages and forms are used. This data helps improve the Etoilys website. No name, email address, phone number, postal address or message is voluntarily sent to PostHog. You can accept, refuse or change your choice at any time.

Privacy policy