← Back to Home

Privacy Policy

Last updated: April 15, 2026

Data Controller

The data controller, within the meaning of Art. 4(7) of the General Data Protection Regulation (GDPR), is:

Arthur Cassarin-Grand

Independent specialist — Google Ads & AI

France

hello@arthur-cassarin.com

This policy applies to all processing operations carried out through this website. It complies with the GDPR and French Data Protection Act (Loi Informatique et Libertés, as amended 2018).

Data We Collect

Depending on how you use the site, we may collect the following categories of data:

  • Email address — when you subscribe to the newsletter or send a contact form
  • Segmentation data — professional status, level of expertise, interests (collected at subscription)
  • Connection data — IP address (anonymized), browser type, approximate location (country)
  • Browsing data — pages visited, articles read, links clicked in emails
  • Comment content — name, comment text, IP address at time of posting

Minimum age: you must be at least 15 years old to use this website (French law, Art. 45 LIL / Code conso Art. 8). Under 15, parental consent is required.

Legal Basis for Processing (Art. 6 GDPR)

Processing Legal Basis
Newsletter subscription and sendingConsent (Art. 6.1.a)
Contact form responsesConsent (Art. 6.1.a)
Processing paid ordersContract performance (Art. 6.1.b)
Comment moderationLegitimate interest — site integrity and anti-spam (Art. 6.1.f)
Anti-spam protection (Cloudflare Turnstile)Legitimate interest — security and anti-bot (Art. 6.1.f)
First-party audience analyticsLegitimate interest — content performance measurement (CNIL-exempt, Art. 6.1.f)
Legal compliance and securityLegal obligation (Art. 6.1.c)

Legitimate interest detail: IP addresses in comments are retained for 6 months to allow moderation and legal response to abuse (LCEN Art. 6). First-party analytics data is anonymized and never transferred to third parties.

Data Retention Periods

Data Retention
Newsletter subscriber email + preferencesUntil unsubscription + 1 year archive
Contact form messages2 years
Comments (text + name)Duration of publication
Comment IP addresses6 months (LCEN Art. 6-III)
Purchase data5 years (commercial law)
First-party analytics (anonymized)25 months (CNIL recommendation)
Server connection logs12 months (CPCE Art. R10-13)

Cookies and Trackers

In accordance with the ePrivacy Directive (2002/58/CE) and CNIL deliberation of 17 September 2020, we distinguish between:

Essential cookies (No consent required)

  • Session and authentication cookie (acg_session)
  • Language preference
  • Cookie consent choice (localStorage)

Security (legitimate interest) (No consent required)

  • Cloudflare Turnstile — anti-bot / anti-spam verification on forms

Turnstile is privacy-preserving by design (no cross-site tracking). See Cloudflare's Turnstile Privacy Addendum.

First-party analytics (CNIL-exempt) (No consent required)

  • Internal article view counter — no cookies, anonymized IP (SHA-256 hash), no cross-site tracking, no profiling

Exempt per CNIL deliberation n° 2023-091 on first-party analytics.

Third-Party Services and International Transfers

Some of our service providers are located outside the European Union (primarily in the United States). These transfers are governed by Standard Contractual Clauses adopted by the European Commission (Decision 2021/914):

Service Purpose Country
Cloudflare, Inc.Hosting, Workers, TurnstileUSA — SCC 2021
Resend Inc.Email deliveryUSA — SCC 2021
Stripe Inc.Payment processingUSA — SCC 2021
Bunny.netVideo hosting and CDNEU (Slovenia)

Your Rights (GDPR Art. 15–22)

You have the following rights regarding your personal data:

  • Right of access (Art. 15) — obtain a copy of your data
  • Right to rectification (Art. 16) — correct inaccurate data
  • Right to erasure (Art. 17) — request deletion ("right to be forgotten")
  • Right to restriction (Art. 18) — limit processing in certain cases
  • Right to portability (Art. 20) — receive your data in a structured, machine-readable format
  • Right to object (Art. 21) — object to processing based on legitimate interest
  • Right to withdraw consent — at any time, without affecting prior processing

To exercise these rights, contact us via our contact page. We will respond within 1 month (Art. 12.3 GDPR). This period may be extended by 2 months for complex requests, with prior notice.

Right to Complain to the CNIL

If you believe your data protection rights have not been respected, you may lodge a complaint with the Commission Nationale de l'Informatique et des Libertés (CNIL), the French supervisory authority:

CNIL

3 Place de Fontenoy — TSA 80715 — 75334 PARIS CEDEX 07

https://www.cnil.fr/fr/plaintes

EU residents outside France may also contact their local Data Protection Authority.

Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, alteration, disclosure, or destruction. All data transmission is encrypted via TLS/HTTPS. The site is hosted on Cloudflare Workers' distributed infrastructure.

In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify the CNIL within 72 hours (Art. 33 GDPR) and, if the risk is high, inform the affected persons without undue delay (Art. 34 GDPR).

Contact

For any questions about this Privacy Policy or to exercise your rights, please use our contact page or email directly: hello@arthur-cassarin.com.

Changes to This Policy

We may update this Privacy Policy from time to time. Any material changes will be posted on this page with an updated revision date. For significant changes affecting your rights, registered users will be notified by email.