Jointeapurificat

Legal

Privacy Policy

This document explains how Jointeapurificat processes personal information when you visit jointeapurificat.world or contact us about workplace snack strategy programs.

Last updated:

1. Data controller

The data controller responsible for processing under this policy is:

Jointeapurificat
767 5th Ave, New York, NY 10153, USA
Phone: +1 212-336-1440
Email: touch@jointeapurificat.world
Website: https://jointeapurificat.world

For privacy-specific requests, contact us using the email above with the subject line "Privacy Request."

2. Scope and purpose of this policy

This Privacy Policy applies to visitors of our website, prospective business clients, and individuals who submit inquiries through our contact form. We provide general informational content and consulting services related to workplace snack strategy programs. We do not offer medical services, and we do not intentionally collect special categories of personal data such as health diagnoses unless you voluntarily include such information in a message (which we discourage).

Our purposes for processing personal data include:

  • Operating and securing the website;
  • Responding to contact and information requests;
  • Delivering consulting and educational services under contract;
  • Complying with legal obligations;
  • Improving site performance and content relevance when you consent to analytics cookies.

3. Legal bases for processing (GDPR)

Where the General Data Protection Regulation (GDPR) applies, we rely on the following legal bases:

  • Consent: Contact form submission, optional marketing communications, and non-essential cookies.
  • Contract: Steps taken at your request before entering a consulting agreement, and performance of signed agreements.
  • Legitimate interests: Website security, fraud prevention, B2B relationship management, and limited analytics where balanced against your rights.
  • Legal obligation: Tax, accounting, and regulatory record-keeping.

You may withdraw consent at any time without affecting the lawfulness of processing before withdrawal.

4. Categories of personal data we collect

4.1 Data you provide directly

When you complete our contact form, we may collect your name, email address, message content, and confirmation of GDPR consent. If you engage us for consulting, we may additionally collect business contact details, job title, company name, billing address, and procurement references.

4.2 Data collected automatically

Server logs may record IP address, browser type, operating system, referring URL, pages viewed, and timestamps. If you accept analytics cookies, aggregated usage metrics may be collected through privacy-oriented analytics tools configured to minimize identification.

4.3 Data we do not seek

Please do not submit government ID numbers, full payment card numbers, or sensitive health records through the contact form. We will delete such content if received inadvertently.

5. How we use your data

Personal data is used strictly for identified purposes:

  1. To read, assign, and reply to your inquiry within our stated business hours;
  2. To prepare proposals, statements of work, and educational deliverables you request;
  3. To administer accounts receivable and payable for contracted services;
  4. To maintain internal quality records and training examples with identifiers removed where feasible;
  5. To detect technical abuse of the website infrastructure;
  6. To demonstrate compliance during audits, limited to necessary extracts.

We do not use your data for automated decision-making that produces legal or similarly significant effects.

6. Data retention periods

  • Contact form messages: Up to twenty-four (24) months from last interaction, unless a longer period is required for an active commercial negotiation or contract.
  • Contract and invoice records: Seven (7) years from the end of the fiscal year in which the transaction occurred, or longer if mandated by applicable law.
  • Server logs: Ninety (90) days, unless extended for security incident investigation.
  • Cookie consent records: Twelve (12) months, then refreshed upon your next visit.
  • Marketing opt-in lists: Until you unsubscribe or twelve (12) months of inactivity, whichever occurs first.

When retention periods expire, data is securely deleted or irreversibly anonymized.

7. Security measures

We implement administrative, technical, and organizational safeguards appropriate to the risk, including:

  • HTTPS encryption for website transport;
  • Access controls limiting employee access to personal data on a need-to-know basis;
  • Password policies and multi-factor authentication on administrative systems where available;
  • Regular review of vendor security practices for subprocessors listed below;
  • Incident response procedures including notification to supervisory authorities and data subjects when required by law.

No method of transmission over the Internet is completely secure. We encourage you to use business email domains and avoid sharing confidential trade secrets in initial contact messages.

8. Recipients and international transfers

We may share personal data with:

  • Hosting and infrastructure providers located in the United States;
  • Email and calendar service providers used for correspondence;
  • Professional advisors (lawyers, accountants) bound by confidentiality;
  • Authorities when required by valid legal process.

Where GDPR applies and data is transferred outside the European Economic Area, we rely on appropriate safeguards such as Standard Contractual Clauses or adequacy decisions, available upon request.

9. Your rights

Depending on your location, you may have the following rights:

  • Access to a copy of personal data we hold about you;
  • Rectification of inaccurate or incomplete data;
  • Erasure ("right to be forgotten") in certain circumstances;
  • Restriction of processing while a dispute is resolved;
  • Data portability for information provided under consent or contract in structured format;
  • Objection to processing based on legitimate interests or for direct marketing;
  • Withdrawal of consent for cookie and marketing activities;
  • Lodge a complaint with a supervisory authority (EU/UK users).

U.S. residents in states with comprehensive privacy laws (including California, Virginia, Colorado, Connecticut, and Utah) may have additional rights to know, delete, correct, and opt out of certain sharing. We do not sell personal information as defined by the California Consumer Privacy Act.

To exercise rights, email touch@jointeapurificat.world with sufficient detail for verification. We respond within thirty (30) days unless extension is permitted.

10. Children

Our website and services are directed to business professionals. We do not knowingly collect data from individuals under sixteen (16). Contact us to request deletion if you believe a minor submitted data.

11. Third-party links

Our site may link to external resources. Their privacy practices are independent. Review their policies before submitting personal data.

12. Changes to this policy

We may update this Privacy Policy to reflect legal or operational changes. The "Last updated" date at the top will change accordingly. Material changes will be highlighted on the website for at least thirty (30) days where practicable.

13. Advertising and remarketing data

If you interact with our advertisements on third-party platforms (such as Google Ads), those platforms may process device identifiers under their own policies. We configure campaigns to describe consulting services accurately and to exclude health-sensitive targeting. When marketing cookies are enabled on our site, they may help measure aggregate ad performance without selling personal information. U.S. state privacy laws may provide opt-out rights regarding certain ad-related sharing; contact us to exercise them.

14. Contact and supervisory authority

Questions about this policy may be directed to touch@jointeapurificat.world or our postal address above. EU residents may also contact their local data protection authority. Our primary establishment for GDPR inquiries is the United States entity listed in Section 1.