1. Data Controller
The data controller for personal data collected on the LotoIA website is:
Jean-Philippe Godard
EmovisIA
3 rue Alexandre Riou
44270 Machecoul-Saint-Même, France
Email : rgpd@lotoia.fr
Phone : 06 99 55 22 10
2. Data Collected
Automatically collected data
| Data | Type | Storage |
|---|---|---|
| Session ID | UUID v4 | sessionStorage |
| Theme preference | Light / Dark | localStorage |
| Usage data | Server logs | 30 days |
Data NOT collected
LotoIA does not collect the following data:
- Name, surname, postal address
- Email address (unless voluntarily provided by you)
- Phone number
- Payment data
- Precise geolocation
- Biometric data
- Health data
Conversations with the HYBRIDE chatbot
When you use the HYBRIDE chatbot, your exchanges (questions asked and responses generated) are recorded anonymously to improve the service. No directly identifying personal data is retained: your IP address is transformed using an irreversible hashing process (SHA-256) and no name, email or identifier is associated with conversations. This data is retained for a maximum of 90 days, after which it is automatically deleted. The legal basis for this processing is legitimate interest (Article 6.1.f GDPR) aimed at improving response quality and service reliability. You may exercise your rights of access, rectification and deletion by contacting us at contact@lotoia.fr.
No registration is required to use LotoIA.
3. Purposes of Processing
Data is used for:
- Service operation: session management, user preference retention
- Personalisation: remembering your chosen visual theme
- Usage statistics: aggregated and anonymised traffic analysis
- Improvement: performance optimisation and user experience enhancement
- Security: abuse detection and prevention
Your data is never used for:
- Behavioural profiling
- Targeted advertising
- Resale to third parties
- Automated decisions concerning you
4. Legal Basis
In accordance with Article 6 of the General Data Protection Regulation (GDPR), data processing is based on:
| Legal basis | Article | Application |
|---|---|---|
| Legitimate interest | 6.1.f | Operation, statistics, security |
| Consent | 6.1.a | Non-essential cookies |
| Legal obligation | 6.1.c | Regulatory compliance |
5. Retention Periods
| Data | Duration |
|---|---|
| Session ID | Duration of the browser session |
| Theme preference | Until deleted by the user |
| Server logs | 30 days |
| Contact emails | 3 years |
| Consent cookies | 13 months |
6. Data Recipients
Collected data is processed exclusively internally and by our hosting provider:
Google Cloud Platform
EU hosting (europe-west1 region)
Certifications : ISO 27001, SOC 2
Your data is never sold to third parties.
7. Transfers Outside the EU
Data is primarily hosted within the European Union. Should any data be transferred to the United States (Google Cloud services), such transfers are governed by:
- Standard Contractual Clauses (SCCs) approved by the European Commission
- EU-US Data Privacy Framework (adequacy decision of 10 July 2023)
8. Your Rights
In accordance with Articles 15 to 22 of the GDPR, you have the following rights:
Right of access
Obtain confirmation that your data is being processed and receive a copy of it.
Right to rectification
Request the correction of inaccurate or incomplete data.
Right to erasure
Request the deletion of your personal data.
Right to restriction
Request restriction of the processing of your data.
Right to portability
Receive your data in a structured, commonly used and machine-readable format.
Right to object
Object to the processing of your data at any time.
Withdrawal of consent
Withdraw your consent at any time, without affecting the lawfulness of prior processing.
Post-mortem directives
Define directives regarding the fate of your data after your death.
Exercise your rights
Contact us at rgpd@lotoia.fr. We will respond within one month.
In case of a dispute, you may lodge a complaint with the competent supervisory authority:
ICO (Information Commissioner's Office)
Website: www.ico.org.uk
9. Cookies
LotoIA uses a very limited number of cookies, mainly technical. For detailed information about the cookies used, their purpose and duration, please see our Cookie Policy.
10. Security
We implement appropriate technical and organisational measures to protect your data:
- HTTPS/TLS encryption for all communications
- Google Cloud certifications (ISO 27001, SOC 2)
- Regular updates of dependencies and system
- Restricted access to data (principle of least privilege)
- Data minimisation: only strictly necessary data is collected
- Pseudonymisation: session identifiers are random UUIDs with no link to your identity
11. Modifications
This privacy policy may be updated to reflect legal or regulatory developments, or changes to the service.
In case of a substantial modification, a notice will be published on the site. The date of the last update is shown at the top of this page.
12. Contact
For any question regarding the protection of your personal data, you may contact us:
Personal data (DPO)
- Email : rgpd@lotoia.fr
General contact
- Email : contact@lotoia.fr
Response time: 1 month maximum in accordance with the GDPR.