Cyrille Magdeleine

Privacy Policy

Last updated : April 2026

1. Data Controller

The data controller for personal data collected on cyrillemagdeleine.com is:

PixL-Art Studio (company) Represented by Cyrille Magdeleine SIREN: 105 654 560 RCS: Chartres Address: 19 Rue du clos de la croix, 28200 Saint-Denis-Lanneray Phone: +33 6 84 42 92 93 Email: [email protected]

In accordance with Regulation (EU) 2016/679 of 27 April 2016 (GDPR) and French Data Protection Act No. 78-17 of 6 January 1978 (as amended), PixL-Art Studio is committed to protecting your personal data.

2. Personal Data Collected

We only collect data necessary for the purposes described below:

Via the contact and quote forms:

  • First and last name
  • Email address
  • Phone number (country code and number, optional)
  • Event date and location (optional)
  • Project type (wedding, baptism, corporate, etc.)
  • Free-text message describing your project

Via the newsletter:

  • Email address

Automatically collected data:

  • Anonymized browsing data (pages visited, visit duration) via Cloudflare Web Analytics — no tracking cookies, no personally identifiable data

3. Purposes and Legal Basis

Your data is processed for the following purposes:

  • Responding to your contact and quote requests — Legal basis: pre-contractual measures (Article 6.1.b GDPR)
  • Sending the newsletter — Legal basis: consent (Article 6.1.a GDPR). You may unsubscribe at any time via the unsubscribe link in each email
  • Client relationship management (contracts, billing, delivery) — Legal basis: performance of a contract (Article 6.1.b GDPR)
  • Accounting and tax obligations — Legal basis: legal obligation (Article 6.1.c GDPR)

4. Recipients and Sub-processors

Your data may be shared with the following sub-processors, strictly within the scope of the purposes described:

  • Resend (Resend, Inc., USA) — transactional emails and newsletter. GDPR-compliant via Standard Contractual Clauses (SCC)
  • Cloudflare (Cloudflare, Inc., USA) — CDN, website security, and anonymous analytics. GDPR-compliant via Cloudflare's Data Processing Addendum
  • Netcup GmbH (Germany) — website hosting. Servers located within the European Union

No personal data is sold, rented, or transferred to third parties for commercial purposes.

5. Data Transfers Outside the EU

Some of our sub-processors (Resend, Cloudflare) are based in the United States. These transfers are governed by Standard Contractual Clauses (SCC) approved by the European Commission, in accordance with Article 46.2.c of the GDPR, ensuring an adequate level of data protection.

6. Data Retention

Your data is retained for the following periods:

  • Contact and quote data: 3 years from the last contact, in line with CNIL recommendations
  • Client data (contracts, invoices): 10 years from the end of the financial year, in compliance with accounting obligations (Article L.123-22 of the French Commercial Code)
  • Newsletter: until you withdraw your consent (unsubscribe)
  • Online photo gallery: 3 months after going live

At the end of these periods, your data is deleted or irreversibly anonymized.

7. Your Rights

Under the GDPR (Articles 15 to 22) and the French Data Protection Act, you have the following rights regarding your personal data:

  • Right of access (Article 15): obtain confirmation that your data is being processed and receive a copy
  • Right to rectification (Article 16): correct inaccurate or incomplete data
  • Right to erasure (Article 17): request deletion of your data, subject to legal retention obligations
  • Right to restriction (Article 18): temporarily restrict the processing of your data
  • Right to data portability (Article 20): receive your data in a structured, commonly used format
  • Right to object (Article 21): object to the processing of your data on legitimate grounds
  • Right to withdraw consent: withdraw your consent at any time (newsletter, etc.) without affecting the lawfulness of processing carried out before withdrawal

To exercise these rights, send your request by email to [email protected] with a copy of your ID. We will respond within one month.

If you encounter any difficulty exercising your rights, you may lodge a complaint with the CNIL (French Data Protection Authority): www.cnil.fr — 3 Place de Fontenoy, 75007 Paris, France.

8. Cookies and Trackers

This website uses only strictly necessary cookies for technical operation (session, language preferences). No advertising, tracking, or profiling cookies are used.

Cloudflare Web Analytics is used to measure website traffic in a completely anonymous manner, without cookies and without collecting personally identifiable data. This service is GDPR-compliant and does not require consent.

Types of cookies used:

  • Session cookie (next-intl): stores chosen language — duration: browser session
  • Cloudflare technical cookie (__cf_bm): bot protection — duration: 30 minutes

9. Data Security

Cyrille Magdeleine implements appropriate technical and organizational measures to protect your personal data against unauthorized access, modification, disclosure, or destruction:

• HTTPS encryption (TLS 1.3) for all communications • DDoS and injection protection via Cloudflare WAF • Dedicated secured server hosted in Europe (Netcup, Germany) • SSH key-only access, root access disabled • Regular data backups

10. Children's Data

This website does not intentionally collect personal data from children under 16. If you are a parent or guardian and discover that a minor has provided us with personal data, please contact us at [email protected] so we can delete it.

11. Policy Changes

This privacy policy may be updated to reflect legal developments or changes in our practices. The last update date is indicated at the top of this page. We encourage you to review it regularly.