IRICE ← Back to Home

Privacy Policy

Data Controller

The data controller for data collected through the diagnostic-biodiversite.fr platform is:

IRICE — Simplified Joint Stock Company (SAS), share capital of 20,000 euros
Registered office: Espace Wagner, Building A2, Aix-en-Provence, France
DPO contact: dpo@irice.fr

Data Collected

When using the BPS platform, IRICE collects the following categories of data:

  • Identification data: surname, first name, email address, phone number, position, company.
  • Project data: project name, site address, area, ecological data entered as part of BPS assessments.
  • Connection data: IP address, access timestamps, browser used (security logs).

Processing Purposes

Data is processed for the following purposes:

  • Creation and management of user accounts.
  • Entry, calculation and reporting of BPS scores.
  • Generation of attestations and reports within IRICE certification processes.
  • Management of Biodiversity Partner qualifications.
  • Service-related communications (notifications, updates).
  • Platform security and fraud detection.

Legal Basis

Processing relies on the performance of the service contract (Article 6.1.b of the GDPR) for account management and assessments, and on IRICE legitimate interest (Article 6.1.f) for platform security and service improvement.

Data Retention

Personal data is retained for the duration of the contractual relationship, then archived in accordance with applicable legal obligations (5 years for billing data, 1 year for connection logs). Project data is retained for the validity period of the associated certificate, where applicable.

Recipients

Data is accessible to authorised IRICE staff, strictly within the scope of their duties. It is not shared with third parties for commercial purposes. It may be disclosed to Cofrac during accreditation audits (scope No. 5-0655), in accordance with ISO/IEC 17065 requirements.

Transfers Outside the EU

IRICE does not transfer personal data outside the European Union. Should a processor located outside the EU be engaged, appropriate safeguards (EU Commission standard contractual clauses) would be implemented.

Cookies

The platform uses only strictly necessary cookies for service operation (session, authentication, CSRF protection). No tracking or advertising cookies are placed. These technical cookies do not require prior consent in accordance with CNIL recommendations.

Your Rights

Under the General Data Protection Regulation (GDPR) and the French Data Protection Act, you have the following rights:

  • Right to access your personal data.
  • Right to rectification of inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten"), subject to legal obligations.
  • Right to restriction of processing.
  • Right to data portability.
  • Right to object to processing based on legitimate interest.

To exercise these rights, contact us at dpo@irice.fr. You also have the right to lodge a complaint with the CNIL (www.cnil.fr).

Updates

This privacy policy may be updated at any time. The applicable version is the one accessible on the website at the time of consultation.

Last updated: April 2026.