Last updated: [DD/MM/YYYY]
Site: [site name / domain]
Controller: [First name Last name] – [email]
This Policy explains what personal data we collect on [site name], why we collect it, on what legal bases, how long we keep it, and how to exercise your rights.
Contact form: [name, email, message]
Email exchanges: message content and attachments, where applicable
Server logs (generated by the host): IP address, user-agent, pages viewed, date/time (for security and troubleshooting)
Voluntary submissions: any information you provide (e.g., collaboration requests)
By default, this site does not use analytics or advertising cookies. If you enable third-party services later (YouTube/Vimeo embeds, Analytics, reCAPTCHA, etc.), see §9.
Responding to messages sent via form/email
Legal basis: legitimate interests (Art. 6(1)(f) GDPR) in handling enquiries, or consent if you choose to rely on it.
Security & fraud prevention (technical logs)
Legal basis: legitimate interests in securing the service.
Evidence in case of disputes (traceability of exchanges)
Legal basis: legitimate interests in establishing, exercising, or defending legal claims.
Contact messages / emails: 12 months after the last interaction (unless a longer legal obligation applies).
Server logs: 3–12 months depending on the hosting provider ([name your host]).
Pre-contractual/contractual documents (if collaboration): up to 5 years (statutory limitation).
Site publisher: [First name Last name]
Hosting provider: [Company + address] (storage & logs)
Necessary technical tools (if any): [e.g., form tool, webmail]
Data is not sold and is not shared for marketing purposes.
By default, we perform no transfers outside the EEA.
If you later enable services that may involve transfers (e.g., YouTube, Google Analytics, reCAPTCHA), see §9 and specify the safeguards (Standard Contractual Clauses, EU hosting, anonymisation, etc.).
You have rights of access, rectification, erasure, restriction, objection, and data portability.
To exercise them, email [email].
You may also lodge a complaint with your supervisory authority (in France: the CNIL, www.cnil.fr).
We implement reasonable technical and organisational measures (secure hosting, updates, limited access). No method is 100% secure.
By default, we only use cookies strictly necessary for the site to function (if any).
If optional services are activated, we will use a consent banner allowing you to accept or refuse non-essential cookies. You can also configure your browser to block cookies (some features may degrade).
9.1 Analytics (e.g., Google Analytics with IP anonymisation / Matomo)
Data: cookie identifiers, pages/events, anonymised IP.
Purpose: audience measurement and site improvement.
Legal basis: consent (via banner).
Retention: [e.g., 14 months].
Info: [link to provider’s policy].
9.2 reCAPTCHA (form protection)
Provider: [Google reCAPTCHA v3/v2].
Purpose: spam/bot protection.
Legal basis: legitimate interests (site security) or consent (choose one).
Possible transfers outside EEA: yes (state safeguards).
Info: [link].
9.3 Embedded video players (YouTube/Vimeo)
Data: IP address, user-agent, cookies/trackers set by the player.
Purpose: video display.
Legal basis: consent (recommend “2-click” loading plus youtube-nocookie mode).
9.4 Web fonts / external CDNs (e.g., Google Fonts)
Recommendation: host fonts locally.
If loaded from a CDN: legal basis consent; identify the provider.
9.5 Social networks (links/widgets)
Prefer simple links. Avoid widgets that set cookies without user action. If used, load them after consent.
This site is not intended specifically for children and does not knowingly collect their data. If you believe a child has provided data, contact us for deletion.
We may update this Policy. The last updated date appears at the top. Material changes will be indicated on the site.
[First name Last name] – [email] – [postal address]
DPO: [None / contact details if appointed]