Privacy policy

Privacy policy for personal data

Lemonway, as data controller, responds to its obligations to comply the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation) and with Act n°78-17 of 6 January 1978 on Information Technology, data files and civil liberties.


The data controller is the company LEMONWAY, having its registered office at 8 Rue du Sentier, 75002 Paris – France. Tel : +33 1 76 44 04 60


Lemonway collects directly and indirectly the following categories of data concerning its Users:

  • Civil status, identity, identification data, …
  • Data related to professional activity (CV, education, professional training, distinctions, etc.)
  • Economic and financial data (income, financial situation, tax situation, etc.)
  • Connection data (IP addresses, event logs…)


In the context of the operation of the Site and our services, the processing of personal data has as its purpose the management of customers, the creation and management of accounts, the management of contracts, regulatory control in the anti against money laundering, prospecting, the preparation of statistics, the management of requests for access, rectification and opposition rights


You have the following rights within the limits provided by applicable regulations.

  • Right of access to the personal data you have provided;
  • Right to rectification of personal data provided;
  • Right to have your personal data deleted;
  • Right to request a personal processing limitation;
  • Right of objection for legitimate reasons;
  • Right to data portability;
  • Right to lodge a complaint with a supervisory authority (CNIL).


Your personal data may be disclosed pursuant to a law, regulation or decision of a competent regulatory or judicial authority.


The personal data that Lemonway collects are kept for the time necessary for the purpose of processing. Beyond this retention period, they become intermediate archives, or they are anonymised and kept for statistical or historical purposes.

Purges concerning your personal data are set up in order to verify the effective deletion as soon as the conservation or archiving period necessary for the fulfilment of the determined or imposed purposes is reached.


A cookie is a text file that can be placed on your device when you visit a website. A cookie file allows its issuer to identify the terminal in which it is stored.

Lemonway undertakes not to store cookies for more than 12 months after the first deposit in the User’s terminal. The validity period of the User’s consent is also 12 months. The law provides for a maximum storage period of cookies of 13 months maximum.

Lemonway uses cookies for technical purposes to ensure the proper functioning of its Website. Cookies may be used for statistical purposes, in particular to optimise the services provided to the User, based on the processing of information concerning the frequency of access, the personalisation of pages, as well as the operations carried out and the information consulted:

Supplier: PLEZI
Name of cookie: VISITOR
Purpose: To automate marketing actions, to manage the publication of content and to publish forms: you are asked for consent to submit forms for the collection of your personal information.

Social network sharing cookies are issued and managed by the publisher of the social network concerned. If you consent, these cookies allow you to easily share some of the content published on our website, in particular through a “button” application sharing according to the social network concerned. 


Lemonway complies with European regulations and French law regarding data transfers to a country located outside the European Economic Area. Lemonway will inform and seek the consent of its users.


Lemonway implements the appropriate technical and organisational measures to guarantee an appropriate level of security. The technical measures implemented by Lemonway delow.


If you have any questions regarding the user’s privacy policy, or to exercise your rights, you can contact Lemonway at the following email address: [email protected]


We undertake to implement all appropriate technical and organisational measures to guarantee a level of security appropriate to the risks of accidental, unauthorised or illegal access, disclosure, alteration, loss or destruction of personal data concerning you. In the event that we become aware of illegal access to your personal data stored on our servers or those of our subcontractors, or unauthorized access resulting in the realization of the risks identified above, we undertake to:

  • Notify the incident as soon as possible;
  • Take the necessary measures within reasonable limits to eliminate or reduce the negative effects and harms that may result from the incident.


Under no circumstances can the commitments defined in the point above related to the violation of personal data be assimilated to any admission of fault or liability for the occurrence of the incident in question.


If this Privacy Policy changes, Lemonway will not substantially reduce the level of privacy without first informing the individuals concerned and obtaining your consent.

Please note that the privacy policy may be modified or supplemented at any time, in particular in order to comply with any legislative, regulatory, jurisprudential or technological changes. These modifications commit the User as soon as they are put online. It is therefore advisable that the User regularly consults the privacy policy in order to become aware of any changes.

Technical measures in place for GDPR compliance

In accordance with the Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to processing personal data and the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation), and in particular Article 32, and the amended Act No. 78-17 of 6 January 1978 on Information technology, Data Files and Civil Liberties, Lemonway ensures the security of your personal data through the following technical and organisational measures:


All data (documents, digital data) are stored in automatically encrypted file systems on the fly (AES-256) and compatible with the General Data Protection Regulations through FIPS 140-2 certified software.

Data hosting is located in France in ISO 27001 and PCI DSS compliant data centers.


Rights of access shall be subject to compliance with internal allocation procedures and shall meet the following requirements:

  • Monitoring of groups and directories with a security policy reinforcing data control;
  • Reduction of access rights with an “a minima” principle, i.e. maintaining the principle of the least privilege. If it is not necessary, the right of access is not allowed;
  • Fine management of authorisations and revocation in the event of users leaving or being transferred.

The monitoring of rights of access is subject to ongoing internal control by our compliance team.


Lemonway has chosen for many years to trust the antivirus and anti-malware solution publisher McAfee with its VirusScan Enterprise suite, which is deployed throughout the information system. Network protection solutions are also in place with the use of the latest generation firewalls equipped with advanced features such as UTM (Unified Threat Management), DDOS automatic protection solutions (DPS) and a WAF (Web Application Firewall) operated by the company Imperva.

The information system is continuously analysed by Tenable’s Nessus agents in order to trace any new detected vulnerability in real time. A SIEM (Security Information and Event Management) completes the system in order to collect and analyse all the sensitive activities involved in all IS components.


A strong password management policy is in place (unique identifier, complexity, size, regular change, limitation of attempts, etc.), security policies have been defined and implemented. The correct application of these policies is regularly and automatically monitored on all IS machines using specific monitoring agents and any anomalies are reported to the security team.


Lemonway secures all communications to its applications via the use of SSL – TLS 1.2 point-to-point encrypted connection (systematic HTTPS use, SHA-2 certificates). A network partitioning of the different environments is set up, DMZ (Demilitarized Zone) as well as IDS (Intrusion Detection System) intrusion detection systems