Privacy policy
1. Definitions / Principles
“Personal data” refers to any information that can identify an individual, directly or indirectly, in accordance with the GDPR (EU Regulation 2016/679) and the French Data Protection Act (Loi Informatique et Libertés).
2. Data controller
The data controller is Little John SAS, represented by its legal representative Olivier Legrand.
Address: 29 rue des Ravilliers, 75003 Paris, France
Contact: admin@little-john.io
3. Purpose of data processing
The data collected may be used for the following purposes:
- Fraud and spam prevention;
- Improving user experience (analytics, statistics);
- Satisfaction surveys;
- Communication campaigns (email, SMS), if the user has given consent.
4. Legal basis
Processing is necessary for the performance of a contract or subscribed services, or is based on the user’s consent (for marketing campaigns, non-essential cookies, etc.).
Processing may also be carried out to comply with a legal obligation or to pursue the legitimate interests of the data controller (e.g., security).
5. Data recipients / subprocessors
Data may be accessed by internal departments (customer support, technical teams).
It may also be shared with service providers or subprocessors when necessary for the purposes described above, provided they offer GDPR-compliant safeguards.
Data will not be transferred to non–EU countries without adequate protection, unless the user has been informed beforehand.
6. Data retention
Data is retained for as long as necessary to fulfill the purposes for which it was collected, unless longer retention is required by law.
7. User rights
In accordance with the GDPR, users have the following rights:
- Right of access to their personal data (Art. 15);
- Right to rectification (Art. 16);
- Right to erasure / right to be forgotten (Art. 17);
- Right to restriction of processing (Art. 18);
- Right to object (Art. 21);
- Right to data portability (Art. 20);
- Right to withdraw consent at any time;
- Right to define post-mortem data processing instructions.
To exercise these rights, users may contact:
Little John SAS
29 rue des Ravilliers
75003 Paris
France
and include a copy of an identity document.
Users may also lodge a complaint with the CNIL (Commission Nationale de l’Informatique et des Libertés).
8. Data security
Little John SAS takes all reasonable technical and organizational measures to protect personal data (encryption, pseudonymization, access control, firewalls, etc.).
In the event of a security breach, affected users and the competent supervisory authority will be notified within the time limits prescribed by law.
9. Cookies and tags
The website uses cookies—files stored on the user’s device—to enhance navigation, analyze usage, and remember user preferences.
Users can configure their browsers to accept, refuse, or be notified before cookies are stored.
Some cookies (non-essential) are only placed with the user’s consent.
The website may also use tags (tracking pixels) on its pages for analytics or campaign performance measurement.
10. Incident notification
No method of data transmission or storage is completely secure.
In the event of a personal data breach, Little John SAS will notify affected users and the competent supervisory authority in accordance with legal obligations.
11. Policy updates
This privacy policy may be updated at any time.
The online version published on the website shall prevail.
Users are encouraged to review it periodically.