Skip to content
Privacy

Privacy policy

This policy describes how personal data is collected, used and protected on pierretouzet.fr. It is intended for visitors to the site.

1. Data controller

The data controller for personal data collected via pierretouzet.fr is Pierre Touzet, sole proprietor (French micro-enterprise), reachable at: pierre.touzet@mecontacter.eu.

2. Data collected, purposes and legal bases

The processing activities carried out on this site are as follows:

  • Contact form (/contact)

    Data: name, email address, subject and message. Transmission: the form opens your email client via a mailto link and no data is stored on the site's server. Purpose: to reply to you. Legal basis: pre-contractual measures at your request (art. 6.1.b GDPR). Retention: kept in your email thread, manually purged after the conversation ends (typically 12 months).

  • Booking a meeting (Cal.com)

    If you use the « Book a slot » button, you are redirected to Cal.com (Cal.com, Inc.) which acts as an independent data controller. Booking data (name, email, slot) is sent directly to them. See Cal.com's policy: cal.com/privacy.

  • Ebook download (/ebook)

    The PDF is served as a direct download. No personal data is collected to access it.

  • Audience measurement (Vercel Analytics, Vercel Speed Insights)

    Data: page viewed, referrer, device type, country, Core Web Vitals metrics. These tools use neither cookies nor persistent identifiers. Purpose: measure audience and technical performance. Legal basis: publisher's legitimate interest in improving the site (art. 6.1.f GDPR). CNIL compliance: exempt from consent for audience measurement, default configuration. Retention: 30 days at Vercel.

  • Admin authentication cookie

    A technical cookie `admin-auth` (HttpOnly, Secure, SameSite=strict, 24 h lifetime) is set only when the site editor logs in to the admin area. It never applies to visitors. Legal basis: legitimate interest (IT system security).

3. Recipients and subprocessors

Data is only accessible to the data controller. The following subprocessors are involved in running the site:

  • Vercel Inc. — hosting, analytics, server logs

    Vercel Inc. (440 N Baxter St, Coppell, TX 75019, United States) hosts the site and collects audience metrics. Vercel is certified under the EU-U.S. Data Privacy Framework (DPF). A Data Processing Agreement is in place (vercel.com/legal/dpa).

  • GitHub Inc. — code and blog articles storage

    GitHub Inc. (88 Colin P Kelly Jr St, San Francisco, CA 94107, United States) hosts the site repository. Blog articles (public content) are stored there. GitHub is certified under the EU-U.S. Data Privacy Framework.

  • Anthropic PBC — content generation, admin-side only

    Anthropic PBC (San Francisco, United States) provides the Claude model used only by the editor in the admin area to assist with drafting. No visitor data is ever sent to Anthropic.

4. Transfers outside the European Union

Technical data (audience metrics, access logs) is processed in the United States via Vercel Inc. Vercel is certified under the EU-U.S. Data Privacy Framework, a mechanism recognised by the European Commission as providing an adequate level of protection (adequacy decision of 10 July 2023). A subprocessor agreement (DPA) with standard contractual clauses applies in addition.

5. Your rights

Under articles 15 to 22 of the GDPR and the French Data Protection Act, you have the right to access, rectify, erase, restrict processing of, object to processing of, and port your data. You can exercise these rights by emailing pierre.touzet@mecontacter.eu. A response will be provided within a maximum of one month.

6. Lodging a complaint with the CNIL

If you believe the processing of your personal data is not compliant with the regulation, you have the right to lodge a complaint with the CNIL (French data protection authority), 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07 — www.cnil.fr.

7. Cookies and trackers

This site uses no advertising, third-party analytics or personalisation cookies. The only cookie set (`admin-auth`) is used exclusively for editor authentication and does not apply to visitors. No consent banner is therefore required (CNIL recommendation of 17 September 2020 on exempted audience measurement).

8. Security

The site applies technical security measures: enforced TLS encryption (HSTS preloaded), restrictive Content-Security-Policy, HttpOnly/Secure/SameSite=strict cookies for the admin area, HMAC-signed authentication. Passwords and secrets are never exposed client-side.

9. Policy updates

This policy may be updated to reflect changes to the site or regulation. The last update date appears at the bottom of this page.

Last updated: 2026-04-22