Privacy Policy
Last updated: 4 April 2026 — GDPR compliant (Regulation EU 2016/679)
Data controller: BVP France (SIREN 811 661 271) — bph@bvp-europe.com — 24 Avenue de la Gare, 34690 Fabrègues, France
1. Data collected and purposes
LabelCheck.eu only collects data necessary for providing its services:
| Category | Data | Purpose | Legal basis (GDPR art. 6) |
|---|---|---|---|
| User account | Email address, creation date, language | Authentication, account management, report delivery | Contract performance (6.1.b) |
| Label analysis | Submitted image or PDF, product name, category, zone | AI regulatory compliance analysis | Contract performance (6.1.b) |
| Payment | Stripe transaction ID, amount, currency | Billing, subscription management | Contract performance (6.1.b) |
| Browsing | IP address (anonymized), browser, pages visited | Security, anti-fraud, usage statistics | Legitimate interest (6.1.f) |
| Session cookies | Encrypted session identifier | Session maintenance, CSRF protection | Legitimate interest (6.1.f) — necessary for operation |
Data not collected: LabelCheck does not collect health data, biometric data, political opinions or data relating to minors.
2. Retention periods
| Category | 2. Retention periods |
|---|---|
| Account data (email, profile) | Subscription duration + 3 years after account closure |
| Submitted label files | 24 hours for guest analyses (no account) · Subscription duration for active accounts |
| Analysis reports | Subscription duration + 2 years (legal archiving) |
| Payment data (Stripe logs) | 10 years (legal accounting obligation) |
| Security logs (IP, access attempts) | 12 months |
3. Subprocessors and transfers outside the European Union
LabelCheck uses subprocessors, some of which are established outside the European Union. These transfers are governed by appropriate safeguards in accordance with the GDPR:
| Subprocessor | Country | Role | Safeguards |
|---|---|---|---|
| Stripe | United States / Ireland (EU) | Payment processing | Standard Contractual Clauses (SCCs) — stripe.com/privacy |
| Anthropic (Claude API) | United States | AI label analysis | Standard Contractual Clauses (SCCs) — anthropic.com/privacy · Files are not used for model training |
| o2switch | France (EU) | Server hosting | GDPR-compliant hosting, data in France |
| Brevo (Sendinblue) | France (EU) | Transactional emails | GDPR-compliant — brevo.com |
4. Your rights (GDPR art. 15 to 22)
Under the GDPR, you have the following rights:
- Right of access (art. 15): obtain confirmation of processing and a copy of your data
- Right to rectification (art. 16): correct inaccurate or incomplete data
- Right to erasure (art. 17): obtain deletion of your data subject to legal retention obligations
- Right to restriction (art. 18): temporarily suspend processing
- Right to data portability (art. 20): receive your data in a structured, readable format
- Right to object (art. 21): object to processing based on legitimate interest
- Right not to be subject to automated decision-making (art. 22): LabelCheck reports are AI-generated but no legally binding decision is made automatically
To exercise these rights: bph@bvp-europe.com — Response within 30 days.
You also have the right to file a complaint with the CNIL (French data protection authority): www.cnil.fr — 3 Place de Fontenoy, 75007 Paris.
5. Data security
LabelCheck implements appropriate technical and organizational measures to protect your data:
- Encrypted transmission via HTTPS/TLS (HSTS enabled)
- Data access restricted to authorized personnel
- CSRF protection on all forms
- Label files stored outside the webroot
- Payments processed exclusively by Stripe (no credit card data stored by LabelCheck)
- Encrypted sessions, limited to 7 days
6. Cookies
LabelCheck only uses cookies strictly necessary for the operation of the service:
- lc_session: user session maintenance (duration: 7 days) — necessary
- CSRF token: protection against cross-site request forgery attacks — necessary, session-scoped
No advertising, profiling or third-party tracking cookies are placed. If Google Analytics or GTM is activated, a consent banner will be displayed in compliance with applicable regulations.
7. Contact — Data Protection Officer
BVP France is not legally required to appoint a DPO (Data Protection Officer) under Article 37 GDPR. For any question regarding the processing of your personal data, contact:
BVP France — SIREN 811 661 271
Contact: Bruno Philis
Email: bph@bvp-europe.com
Address: 24 Avenue de la Gare, 34690 Fabrègues, France
8. Amendments
This policy may be updated at any time. The update date is indicated at the top of the page. In the event of a substantial modification, registered users will be informed by email.