Privacy
Privacy Policy
This site collects almost nothing about you. No cookies, no advertising pixels, no third-party profiling tools, no forms. The only personal data I receive is your email address and message content when you voluntarily write to me via the contact link.
Anonymous audience measurement is performed via Cloudflare Web Analytics: cookieless, no IP address stored, no fingerprinting, no cross-site profile, and switchable off at any time from the comfort panel (under "Privacy").
Your browsing on this site is private. The technical and legal details that follow are provided for transparency and GDPR compliance purposes.
Data controller
In accordance with Article 4.7 of the General Data Protection Regulation (Regulation EU 2016/679, hereafter "GDPR") and the French Data Protection Act (loi n° 78-17 of 6 January 1978 as amended), the data controller for personal data collected on the site florianbeaufils.com is:
As a sole trader operating under the French micro-enterprise regime, I am not required to appoint a Data Protection Officer (DPO). I am my own point of contact for any question relating to personal data.
General principles
Personal data processing on this site is based on the following principles, in accordance with Article 5 of the GDPR:
- Lawfulness, fairness and transparency: processing activities are based on a clear legal ground, documented in this policy.
- Purpose limitation: data is used only for the purposes explicitly described below.
- Data minimisation: only data strictly necessary for each purpose is collected.
- Accuracy: inaccurate data may be rectified upon request.
- Storage limitation: data is retained for a period proportionate to its purpose.
- Integrity and confidentiality: data is protected by appropriate technical and organisational measures.
Data collected and processing activities
The site carries out three distinct personal data processing activities, described below. No other processing is carried out.
Processing no. 1 — Contact by email
Purpose: to allow visitors to contact me for professional enquiries, collaboration proposals, quote requests, or feedback on the site.
Legal basis: legitimate interest of the data controller (Article 6.1.f GDPR) in receiving and handling professional solicitations, combined with the voluntary action of the sender who initiates contact.
Data collected:
- Sender's email address
- First and last name (if included in the message or signature)
- Content of the message sent
- Technical metadata (date, subject, originating server)
Collection method: exclusively via mailto:
links on the site. The site has no contact form. The visitor uses their own
email client to send the message.
Retention period: messages are retained in my inbox for the time needed to process them, then archived or deleted based on their relevance. The maximum retention period is 3 years from the date of last contact, in line with CNIL recommendations for managing client and prospect relationships.
Recipients: only the data controller (Florian Beaufils) accesses the messages. Messages transit and are stored via the following technical services: Infomaniak Network SA (kMail inbox hosted in Switzerland) and Apple Inc. (Mail client on macOS/iOS for local consultation). See the "Sub-processors and transfers" section for details.
Processing no. 2 — Accessibility and display preferences
Purpose: to remember your personal preferences (text size, spacing, high contrast, light/dark theme, etc.) so they can be restored on your next visits to the site.
Legal basis: legitimate interest of the data controller (Article 6.1.f GDPR) in providing an accessible and consistent user experience. Local storage does not require prior consent as it is strictly necessary to provide a service explicitly requested by the user (CNIL deliberation no. 2020-091).
Data collected: only your personalisation choices (e.g. text size = "Large", high contrast = enabled). No personally identifying data is linked to these preferences.
Collection method: local storage in your browser via the
localStorage API. The data never leaves your device and is not
transmitted to any server, including mine.
Retention period: until you manually delete it (via the reset button in the comfort panel, or via your browser settings).
Recipients: none. The data remains exclusively on your device.
Processing no. 3 — Anonymous audience measurement (Cloudflare Web Analytics)
Purpose: to measure aggregate traffic on the site (most-visited pages, country of origin at national level, technical Core Web Vitals) in order to guide future updates and detect potential performance issues.
Legal basis: legitimate interest of the data controller (Article 6.1.f GDPR) in understanding aggregate site usage. In accordance with CNIL deliberation no. 2020-091 of 17 September 2020, this measurement falls within the consent exemption for strictly necessary audience trackers, as the mechanism is cookieless, does not enable cross-site tracking and offers a straightforward opt-out (see below).
Data collected:
- URL of the page visited and referrer URL
- Country of origin (national level, derived server-side)
- Device type, browser and operating system (aggregated)
- Technical performance indicators (Core Web Vitals)
What is not collected: no cookie is set in your browser, no IP address is stored by Cloudflare in the reports, no fingerprinting is computed, and no cross-site user profile is built.
Collection method: a lightweight script
(beacon.min.js) is loaded from
static.cloudflareinsights.com only when measurement is not
disabled by the user. This script sends a minimal beacon to
Cloudflare on each page load.
Opt-out: measurement can be turned off at any time
from the comfort panel (under "Privacy", toggle
"Audience measurement"). Once disabled, no Cloudflare Web Analytics
script is loaded on subsequent visits. The preference is stored locally
via localStorage.
Retention period: audience reports are retained by Cloudflare in line with its policy (typically six months for detailed data, aggregated beyond that).
Recipients: only the data controller (Florian Beaufils) accesses the audience reports via the Cloudflare dashboard. See the "Sub-processors and transfers" section.
What is not collected
In the interest of transparency and as part of a sustainable digital design approach, the site does not use the following:
- No cookies (whether for advertising, tracking or audience measurement).
- No third-party behavioural analytics tools (no Google Analytics, Matomo, Plausible, Hotjar, or equivalent). The audience measurement described in processing no. 3 (Cloudflare Web Analytics) is cookieless, free of fingerprinting, and can be switched off from the comfort panel.
- No advertising tracking pixels (Meta Pixel, LinkedIn Insight Tag, etc.).
- No social media integrations via widgets or share buttons (links to LinkedIn are plain HTML links, without any third-party script).
- No web fonts loaded from an external CDN (no Google Fonts, no Adobe Fonts).
- No collection forms (newsletter, contact, registration).
- No advertising.
- No individual user journeys or profiling: the audience measurement described in processing no. 3 is strictly aggregated and anonymous (no user identifier, no session reconstruction, no path tracking).
Only minimal technical logs and aggregated, anonymous audience indicators are collected by the hosting provider (Cloudflare), for security, performance and overall traffic-understanding purposes. See the next section.
Sub-processors and international transfers
The technical operation of the site requires the use of sub-processors within the meaning of Article 28 of the GDPR. Each is listed below with its purpose, location, and the applicable safeguards for transfers outside the European Union.
Cloudflare, Inc. — Hosting, CDN, DNS and audience measurement
Infomaniak Network SA — Domain registrar and email hosting
mailto: links Apple Inc. — Mail client (macOS/iOS)
Transfers outside the European Union
Among the sub-processors listed above, Infomaniak Network SA is a Swiss company. Transfers of data to Switzerland are covered by the European Commission adequacy decision of 26 July 2000 (2000/518/EC): no specific transfer mechanism is required.
Cloudflare, Inc. and Apple Inc. are American companies. Transfers of personal data to the United States are governed by the Data Privacy Framework (DPF), adopted by the European Commission by adequacy decision of 10 July 2023, to which both companies adhere. This framework provides guarantees considered equivalent to those of the GDPR for transferred data.
Cookies and local storage
The site sets no cookies on your browser, neither directly nor through third-party services.
Local storage (localStorage)
The site uses only the browser's localStorage API to remember
your accessibility and display preferences. This technology is distinct from
cookies: the data stays exclusively on your device, is not transmitted to any
server, and cannot be used for cross-site tracking.
The storage keys used are as follows:
theme-preference: chosen theme ('light' or 'dark')-
comfort-preferences: a JSON object containing all comfort panel settings (text size, spacing, line height, high contrast, alignment, saturation, cursor, etc.)
You can delete this data at any time via the reset button in the comfort panel, or via your browser settings (clear site storage).
Legal basis for local storage
In accordance with CNIL deliberation no. 2020-091 of 17 September 2020, trackers strictly necessary for the provision of a service explicitly requested by the user (here, accessibility personalisation) are exempt from prior consent. No cookie banner is therefore required on this site.
Your rights
In accordance with Articles 15 to 22 of the GDPR and Articles 48 to 56 of the French Data Protection Act, you have the following rights over any personal data I hold about you:
- Right of access (Article 15 GDPR): to obtain confirmation that data about you is being processed, and to receive a copy.
- Right to rectification (Article 16 GDPR): to obtain correction of inaccurate or incomplete data.
- Right to erasure (Article 17 GDPR, "right to be forgotten"): to obtain deletion of data in the cases provided for by the regulation.
- Right to restriction of processing (Article 18 GDPR): to obtain a temporary freeze on the use of your data in certain cases.
- Right to data portability (Article 20 GDPR): to receive your data in a structured, commonly used and machine-readable format.
- Right to object (Article 21 GDPR): to object, on grounds relating to your particular situation, to processing based on legitimate interest.
- Right to give post-mortem instructions (Article 85 of the French Data Protection Act): to define what happens to your data after your death.
How to exercise your rights
To exercise any of these rights, simply send a request by email to contact@florianbeaufils.com specifying:
- The right you wish to exercise
- The email address from which you may have contacted me
- Proof of identity if necessary to confirm the request comes from you
I commit to responding to your request within a maximum of one month from receipt, in accordance with Article 12.3 of the GDPR. This deadline may be extended by two months for complex requests, in which case you will be notified.
Right to lodge a complaint
If you believe, after contacting me, that your rights are not being respected, you may lodge a complaint with the French data protection authority (CNIL):
- By post: CNIL — 3 place de Fontenoy, TSA 80715, 75334 Paris CEDEX 07, France
- Online: cnil.fr/fr/plaintes
Security measures
The following technical and organisational measures are implemented to protect personal data, in accordance with Article 32 of the GDPR:
- Encrypted communications: the entire site is served over HTTPS via the Universal SSL TLS certificate provided by Cloudflare (renewed automatically). TLS 1.3 minimum, TLS 1.0 and 1.1 disabled.
- Two-factor authentication enabled on the Infomaniak (kMail) and Apple accounts used to access messages.
- No personal database: as the site is static, no personal data is stored in a database.
- Restricted access: only the data controller accesses received messages.
- Regular updates of operating systems and software used to access data.
Data of minors
This site is intended for a professional adult audience (recruiters, clients, prospects, collaborators). It is not designed or directed at minors under 15 years of age.
No active collection of data concerning minors is carried out. If a minor wishes to contact me by email, it is noted that, in accordance with Article 8 of the GDPR and Article 45 of the French Data Protection Act, the consent of their legal representatives is required for the processing of their personal data below the age of 15.
Sensitive data
The site collects no sensitive data within the meaning of Article 9 of the GDPR, namely: data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data for the purpose of uniquely identifying a natural person, data concerning health, or data concerning a person's sex life or sexual orientation.
Visitors are advised not to voluntarily transmit such data in their messages.
Policy updates
This privacy policy may be updated to reflect legal, technical or functional changes to the site. The date of last update appears at the top of this page.
Visitors are invited to check this page regularly. In the event of a substantial change (new purpose, new sub-processor, new international transfer), a visible notice will be displayed on the home page for a reasonable period.
Applicable law
This privacy policy is governed by French law and the GDPR. In the event of a dispute, and in the absence of an amicable settlement, the French courts shall have sole jurisdiction.
Contact
For any question relating to this policy or to your personal data:
Data controller
Florian Beaufils
46 rue Lucien Faure, 33300 Bordeaux, France
contact@florianbeaufils.com