Privacy

Privacy Policy

Site : florianbeaufils.com Established on 17 April 2026 Last revised : 17 April 2026

In short

This site collects almost nothing about you. No advertising cookies, no trackers, no analytics, no forms. The only personal data I receive is your email address and message content when you voluntarily write to me via the contact link.

Your browsing on this site is private. The technical and legal details that follow are provided for transparency and GDPR compliance purposes.

Data controller

In accordance with Article 4.7 of the General Data Protection Regulation (Regulation EU 2016/679, hereafter "GDPR") and the French Data Protection Act (loi n° 78-17 of 6 January 1978 as amended), the data controller for personal data collected on the site florianbeaufils.com is:

Name Florian Beaufils, sole trader
SIRET (FR) 987 477 924 00011
Address 46 rue Lucien Faure, 33300 Bordeaux, France
Contact [email protected]

As a sole trader operating under the French micro-enterprise regime, I am not required to appoint a Data Protection Officer (DPO). I am my own point of contact for any question relating to personal data.

General principles

Personal data processing on this site is based on the following principles, in accordance with Article 5 of the GDPR:

  • Lawfulness, fairness and transparency: processing activities are based on a clear legal ground, documented in this policy.
  • Purpose limitation: data is used only for the purposes explicitly described below.
  • Data minimisation: only data strictly necessary for each purpose is collected.
  • Accuracy: inaccurate data may be rectified upon request.
  • Storage limitation: data is retained for a period proportionate to its purpose.
  • Integrity and confidentiality: data is protected by appropriate technical and organisational measures.

Data collected and processing activities

The site carries out two distinct personal data processing activities, described below. No other processing is carried out.

Processing no. 1 — Contact by email

Purpose: to allow visitors to contact me for professional enquiries, collaboration proposals, quote requests, or feedback on the site.

Legal basis: legitimate interest of the data controller (Article 6.1.f GDPR) in receiving and handling professional solicitations, combined with the voluntary action of the sender who initiates contact.

Data collected:

  • Sender's email address
  • First and last name (if included in the message or signature)
  • Content of the message sent
  • Technical metadata (date, subject, originating server)

Collection method: exclusively via mailto: links on the site. The site has no contact form. The visitor uses their own email client to send the message.

Retention period: messages are retained in my inbox for the time needed to process them, then archived or deleted based on their relevance. The maximum retention period is 3 years from the date of last contact, in line with CNIL recommendations for managing client and prospect relationships.

Recipients: only the data controller (Florian Beaufils) accesses the messages. Messages transit and are stored via the following technical services: Google LLC (Gmail) and Apple Inc. (Mail client on macOS/iOS). See the "Sub-processors and transfers" section for details.

Processing no. 2 — Accessibility and display preferences

Purpose: to remember your personal preferences (text size, spacing, high contrast, light/dark theme, etc.) so they can be restored on your next visits to the site.

Legal basis: legitimate interest of the data controller (Article 6.1.f GDPR) in providing an accessible and consistent user experience. Local storage does not require prior consent as it is strictly necessary to provide a service explicitly requested by the user (CNIL deliberation no. 2020-091).

Data collected: only your personalisation choices (e.g. text size = "Large", high contrast = enabled). No personally identifying data is linked to these preferences.

Collection method: local storage in your browser via the localStorage API. The data never leaves your device and is not transmitted to any server, including mine.

Retention period: until you manually delete it (via the reset button in the comfort panel, or via your browser settings).

Recipients: none. The data remains exclusively on your device.

What is not collected

In the interest of transparency and as part of a sustainable digital design approach, the site does not use the following:

  • No advertising or tracking cookies.
  • No third-party audience measurement tools (no Google Analytics, Matomo, Plausible, Hotjar, or equivalent).
  • No tracking pixels (Meta Pixel, LinkedIn Insight Tag, etc.).
  • No social media integrations via widgets or share buttons (links to LinkedIn are plain HTML links, without any third-party script).
  • No web fonts loaded from an external CDN (no Google Fonts, no Adobe Fonts).
  • No collection forms (newsletter, contact, registration).
  • No advertising.
  • No automated collection of browsing data (time on site, pages viewed, user journeys, etc.) by the data controller.

Only minimal technical logs are collected by the hosting provider (Cloudflare) for security and performance purposes. See the next section.

Sub-processors and international transfers

The technical operation of the site requires the use of sub-processors within the meaning of Article 28 of the GDPR. Each is listed below with its purpose, location, and the applicable safeguards for transfers outside the European Union.

Cloudflare, Inc. — Hosting, CDN and DNS

Company Cloudflare, Inc.
Registered office 101 Townsend Street, San Francisco, CA 94107, United States
Purpose Static hosting (Cloudflare Pages), global Edge content delivery, DNS management, DDoS mitigation, technical logging
Data processed IP address, user-agent, URL visited, timestamp (standard technical logs, used for security and abuse mitigation)
Retention Technical logs: typically 30 days, per Cloudflare's policy
Location Global Edge network; European visitors are served primarily from European nodes (Paris, Frankfurt, Amsterdam, etc.)
Transfer basis Data Privacy Framework (DPF) — Cloudflare is certified — and European Commission Standard Contractual Clauses (SCCs)
Policy cloudflare.com/privacypolicy

Infomaniak Network SA — Domain registrar

Company Infomaniak Network SA
Registered office Rue Eugène-Marziano 25, 1227 Les Acacias (Geneva), Switzerland
Purpose Registration and renewal of domain names (florianbeaufils.com and .fr)
Data processed Holder identity and contact details (WHOIS), masked from the public by default (Domain Privacy)
Location Switzerland
Transfer basis European Commission adequacy decision (2000/518/EC) — no specific mechanism required
Policy infomaniak.com/en/cgv/privacy-policy

Google LLC — Email inbox (Gmail)

Company Google LLC
Registered office 1600 Amphitheatre Parkway, Mountain View, CA 94043, United States
Purpose Receiving, storing and managing messages sent by visitors
Data processed Sender's email address, message content, metadata
Transfer basis Data Privacy Framework (DPF) — Google is certified
Policy policies.google.com/privacy

Apple Inc. — Mail client (macOS/iOS)

Company Apple Inc.
Registered office One Apple Park Way, Cupertino, CA 95014, United States
Purpose Local consultation of messages on my personal devices
Data processed Message content downloaded from Gmail via IMAP protocol
Transfer basis Data Privacy Framework (DPF) — Apple is certified. Messages are stored locally on the device.
Policy apple.com/legal/privacy/en-ww

Transfers outside the European Union

The three sub-processors listed above are American companies. Transfers of personal data to the United States are governed by the Data Privacy Framework (DPF), adopted by the European Commission by adequacy decision of 10 July 2023, to which all three companies adhere. This framework provides guarantees considered equivalent to those of the GDPR for transferred data.

Cookies and local storage

The site sets no cookies on your browser, neither directly nor through third-party services.

Local storage (localStorage)

The site uses only the browser's localStorage API to remember your accessibility and display preferences. This technology is distinct from cookies: the data stays exclusively on your device, is not transmitted to any server, and cannot be used for cross-site tracking.

The storage keys used are as follows:

  • theme-preference: chosen theme ('light' or 'dark')
  • comfort-preferences: a JSON object containing all comfort panel settings (text size, spacing, line height, high contrast, alignment, saturation, cursor, etc.)

You can delete this data at any time via the reset button in the comfort panel, or via your browser settings (clear site storage).

Legal basis for local storage

In accordance with CNIL deliberation no. 2020-091 of 17 September 2020, trackers strictly necessary for the provision of a service explicitly requested by the user (here, accessibility personalisation) are exempt from prior consent. No cookie banner is therefore required on this site.

Your rights

In accordance with Articles 15 to 22 of the GDPR and Articles 48 to 56 of the French Data Protection Act, you have the following rights over any personal data I hold about you:

  • Right of access (Article 15 GDPR): to obtain confirmation that data about you is being processed, and to receive a copy.
  • Right to rectification (Article 16 GDPR): to obtain correction of inaccurate or incomplete data.
  • Right to erasure (Article 17 GDPR, "right to be forgotten"): to obtain deletion of data in the cases provided for by the regulation.
  • Right to restriction of processing (Article 18 GDPR): to obtain a temporary freeze on the use of your data in certain cases.
  • Right to data portability (Article 20 GDPR): to receive your data in a structured, commonly used and machine-readable format.
  • Right to object (Article 21 GDPR): to object, on grounds relating to your particular situation, to processing based on legitimate interest.
  • Right to give post-mortem instructions (Article 85 of the French Data Protection Act): to define what happens to your data after your death.

How to exercise your rights

To exercise any of these rights, simply send a request by email to [email protected] specifying:

  • The right you wish to exercise
  • The email address from which you may have contacted me
  • Proof of identity if necessary to confirm the request comes from you

I commit to responding to your request within a maximum of one month from receipt, in accordance with Article 12.3 of the GDPR. This deadline may be extended by two months for complex requests, in which case you will be notified.

Right to lodge a complaint

If you believe, after contacting me, that your rights are not being respected, you may lodge a complaint with the French data protection authority (CNIL):

  • By post: CNIL — 3 place de Fontenoy, TSA 80715, 75334 Paris CEDEX 07, France
  • Online: cnil.fr/fr/plaintes

Security measures

The following technical and organisational measures are implemented to protect personal data, in accordance with Article 32 of the GDPR:

  • Encrypted communications: the entire site is served over HTTPS via the Universal SSL TLS certificate provided by Cloudflare (renewed automatically). TLS 1.3 minimum, TLS 1.0 and 1.1 disabled.
  • Two-factor authentication enabled on the Gmail and Apple accounts used to access messages.
  • No personal database: as the site is static, no personal data is stored in a database.
  • Restricted access: only the data controller accesses received messages.
  • Regular updates of operating systems and software used to access data.

Data of minors

This site is intended for a professional adult audience (recruiters, clients, prospects, collaborators). It is not designed or directed at minors under 15 years of age.

No active collection of data concerning minors is carried out. If a minor wishes to contact me by email, it is noted that, in accordance with Article 8 of the GDPR and Article 45 of the French Data Protection Act, the consent of their legal representatives is required for the processing of their personal data below the age of 15.

Sensitive data

The site collects no sensitive data within the meaning of Article 9 of the GDPR, namely: data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a person's sex life or sexual orientation.

Visitors are advised not to voluntarily transmit such data in their messages.

Policy updates

This privacy policy may be updated to reflect legal, technical or functional changes to the site. The date of last update appears at the top of this page.

Visitors are invited to check this page regularly. In the event of a substantial change (new purpose, new sub-processor, new international transfer), a visible notice will be displayed on the home page for a reasonable period.

Applicable law

This privacy policy is governed by French law and the GDPR. In the event of a dispute, and in the absence of an amicable settlement, the French courts shall have sole jurisdiction.

Contact

For any question relating to this policy or to your personal data:

Data controller

Florian Beaufils
46 rue Lucien Faure, 33300 Bordeaux, France
[email protected]

Privacy policy established on 17 April 2026 by Florian Beaufils. Last updated: 17 April 2026.