Privacy Policy

This Privacy Policy explains how Romain Malara collects, uses, protects, and processes your personal information when you visit and interact with this website. We are committed to protecting your privacy and ensuring the security of your personal data in full compliance with the General Data Protection Regulation (GDPR) and all applicable data protection laws.

1. Data Controller

The data controller responsible for the processing of your personal data is:

Name: Romain Malara

Status: Individual Entrepreneur

Registered Address: Paris, France

Email: [email protected]

Website: www.romainmalara.com

As the data controller, Romain Malara determines the purposes and means of processing your personal data and ensures compliance with all applicable data protection regulations.

2. Types of Personal Data We Collect

We may collect and process the following categories of personal information:

2.1. Contact and Identity Information

When you submit a contact form, subscribe to our newsletter, or communicate with us, we may collect: full name, email address, phone number, company name, job title, and any other information you voluntarily provide in your message or inquiry.

2.2. Technical and Usage Data

When you visit our website, we automatically collect certain technical information, including: IP address, browser type and version, operating system, device type and model, screen resolution, referring website, pages visited, time spent on pages, navigation patterns, date and time of access, and geographic location (country/city level).

2.3. Communication and Correspondence Data

Any information you provide when contacting us via email, contact forms, or other communication channels, including the content of your messages, attachments, and metadata associated with your communications.

2.4. Cookie and Tracking Data

Information collected through cookies, web beacons, and similar tracking technologies, including session identifiers, preferences, and behavioral data. See Section 7 for detailed information on cookies.

3. Purposes and Legal Basis for Data Processing

We process your personal data for the following purposes, based on the corresponding legal grounds:

3.1. Communication and Inquiry Management

Purpose: To respond to your inquiries, provide requested information, and maintain communication regarding our services.

Legal Basis: Consent (when you voluntarily submit your information) and Legitimate Interest (to respond to inquiries and provide customer service).

3.2. Newsletter and Marketing Communications

Purpose: To send newsletters, updates, and relevant information about our services, projects, and activities if you have subscribed.

Legal Basis: Consent (you can unsubscribe at any time using the link provided in each email).

3.3. Website Improvement and Analytics

Purpose: To analyze website traffic, understand user behavior, improve website functionality, optimize user experience, and develop new features.

Legal Basis: Legitimate Interest (to improve our services and provide a better user experience).

3.4. Security and Fraud Prevention

Purpose: To ensure website security, prevent fraud, detect and prevent malicious activities, and protect our rights and property.

Legal Basis: Legitimate Interest (to maintain security and protect against threats).

3.5. Legal Compliance

Purpose: To comply with legal obligations, respond to legal requests, and enforce our terms and conditions.

Legal Basis: Legal Obligation and Legitimate Interest (to comply with applicable laws and regulations).

4. Data Sharing and Third-Party Disclosure

We respect your privacy and do not sell, trade, rent, or otherwise transfer your personal information to third parties for their marketing purposes. We may share your data only in the following circumstances:

4.1. Service Providers and Processors

We work with trusted third-party service providers who assist us in operating our website and delivering our services, including: website hosting providers, email service providers, analytics platforms, and cloud storage services. These providers process data on our behalf under strict contractual obligations and are required to maintain the confidentiality and security of your data.

4.2. Legal Authorities and Compliance

We may disclose your personal data if required by law, court order, legal process, or governmental request, or to protect our rights, property, safety, or the rights of others.

4.3. Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your personal data may be transferred to the acquiring entity, subject to the same privacy protections outlined in this policy.

5. International Data Transfers

Your personal data may be transferred to, stored, and processed in countries outside the European Economic Area (EEA), including countries that may not provide the same level of data protection as your home country.

When we transfer your data internationally, we ensure that appropriate safeguards are in place to protect your information, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Adequacy decisions recognizing equivalent data protection standards
  • Binding Corporate Rules and other approved transfer mechanisms
  • Explicit consent for specific transfers where required

For more information about the safeguards we use for international data transfers, please contact us at [email protected].

6. Data Retention

We retain your personal data only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law.

• Contact Form Submissions: Retained for up to 3 years from the date of submission or until you request deletion, whichever comes first.

• Newsletter Subscriptions: Retained until you unsubscribe or request deletion. Unsubscribe links are provided in every newsletter email.

• Analytics and Usage Data: Aggregated and anonymized data may be retained indefinitely for statistical and analytical purposes. Identifiable data is retained for up to 26 months.

• Legal and Compliance Data: Retained for the duration required by applicable laws and regulations, typically up to 6 years for accounting and tax purposes.

When personal data is no longer needed, it will be securely deleted or anonymized in accordance with our data retention and deletion procedures.

7. Cookies and Tracking Technologies

This website uses cookies and similar tracking technologies to enhance user experience, analyze website traffic, and improve functionality. Cookies are small text files stored on your device that help us recognize you and remember your preferences.

7.1. Types of Cookies We Use

• Essential Cookies: Necessary for the website to function properly. These cookies enable core functionality such as security, network management, and accessibility. You cannot opt out of these cookies.

• Analytics Cookies: Help us understand how visitors interact with our website by collecting and reporting information anonymously. We use these cookies to improve website performance and user experience.

• Functional Cookies: Enable enhanced functionality and personalization, such as remembering your preferences and settings.

• Marketing Cookies: May be used to track visitors across websites to display relevant advertisements and measure campaign effectiveness. These cookies are only set with your consent.

7.2. Managing Your Cookie Preferences

You can control and manage cookies through your browser settings. Most browsers allow you to refuse or delete cookies. Please note that disabling certain cookies may affect website functionality and limit your access to certain features.

To learn more about cookies and how to manage them, visit: www.allaboutcookies.org

7.3. Third-Party Cookies

Some cookies may be set by third-party services that appear on our website, such as analytics providers. We do not control these cookies, and you should review the privacy policies of these third parties for more information.

8. Your Rights Under GDPR

Under the General Data Protection Regulation (GDPR) and applicable data protection laws, you have the following rights regarding your personal data:

• Right to Access (Article 15): You have the right to request a copy of the personal data we hold about you, along with information about how it is processed.

• Right to Rectification (Article 16): You have the right to request correction of inaccurate or incomplete personal data.

• Right to Erasure / "Right to be Forgotten" (Article 17): You have the right to request deletion of your personal data in certain circumstances, such as when the data is no longer necessary for the purposes for which it was collected.

• Right to Restriction of Processing (Article 18): You have the right to request limitation of data processing in specific situations, such as when you contest the accuracy of the data.

• Right to Data Portability (Article 20): You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller.

• Right to Object (Article 21): You have the right to object to processing based on legitimate interests or for direct marketing purposes.

• Right to Withdraw Consent (Article 7): Where processing is based on consent, you have the right to withdraw your consent at any time, without affecting the lawfulness of processing based on consent before its withdrawal.

• Right Not to be Subject to Automated Decision-Making (Article 22): You have the right not to be subject to decisions based solely on automated processing, including profiling, which produces legal effects or similarly significantly affects you.

How to Exercise Your Rights

To exercise any of these rights, please contact us at: [email protected]

We will respond to your request within one month of receipt. In complex cases, this period may be extended by two additional months, and we will inform you of any such extension.

We may request additional information to verify your identity before processing your request to ensure the security of your personal data.

9. Data Security Measures

We implement appropriate technical and organizational security measures to protect your personal data against unauthorized access, alteration, disclosure, loss, or destruction. These measures include:

  • Encryption of data in transit using SSL/TLS protocols (HTTPS)
  • Secure storage of data on protected servers with access controls
  • Regular security assessments and vulnerability testing
  • Employee training on data protection and security best practices
  • Strict access controls limiting data access to authorized personnel only
  • Regular backups and disaster recovery procedures
  • Incident response and breach notification procedures

While we take all reasonable precautions to protect your data, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security, but we continuously work to improve our security measures and respond promptly to any security incidents.

In the event of a data breach that poses a risk to your rights and freedoms, we will notify you and the relevant supervisory authority within 72 hours, as required by GDPR.

10. Children's Privacy

This website is not intended for children under the age of 16. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe that your child has provided us with personal data, please contact us immediately.

If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information as quickly as possible.

11. Supervisory Authority

If you believe that your data protection rights have been violated, you have the right to lodge a complaint with a supervisory authority, in particular in the EU Member State of your habitual residence, place of work, or place of the alleged infringement.

For France, the competent supervisory authority is:

Commission Nationale de l'Informatique et des Libertés (CNIL)

3 Place de Fontenoy, TSA 80715

75334 Paris Cedex 07, France

Phone: +33 1 53 73 22 22

Website: www.cnil.fr

However, we encourage you to contact us first so we can address your concerns directly.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or operational needs. Any changes will be posted on this page with an updated "Last updated" date.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your personal data. If we make material changes that significantly affect your rights, we will provide additional notice, such as via email or a prominent notice on our website.

Your continued use of this website after any changes to this Privacy Policy constitutes your acceptance of the revised policy.

13. Contact Information

If you have any questions, concerns, requests, or complaints regarding this Privacy Policy or the processing of your personal data, please contact us at:

Data Controller: Romain Malara

Email: [email protected]

Website: www.romainmalara.com

We are committed to resolving any privacy concerns promptly and transparently. We will respond to your inquiry within 48 business hours and provide a full response within one month.

Last updated: January 2026

This Privacy Policy is effective as of the date stated above and applies to all personal data collected through this website. Please review this page regularly to stay informed of any updates.