Privacy Policy

1) Who we are (Data Controller)

For the purposes of the General Data Protection Regulation (GDPR) and other applicable privacy laws, the data controller is:

If you have questions about this policy, requests about your data, or concerns about how information is handled, contact us using the details above. If we appoint a Data Protection Officer (DPO) or similar role for particular engagements, we will provide that contact information in the relevant engagement documentation.

2) What information we collect

We collect information that helps us operate the website, respond to inquiries, and maintain site security. The categories of personal data we may process include:

• Contact details: full name, work email address, and (if you provide it) phone number.
• Inquiry content: the topic you submit and the message text you provide through our forms or by email.
• Technical identifiers: IP address, approximate location derived from IP (city/region level), browser type, device type, operating system, and referring page (if available).
• Usage data: pages viewed, interactions with navigation, time spent on pages, and basic aggregated engagement metrics.
• Cookies and similar technologies: strictly necessary cookies (where used), analytics cookies (if enabled), and marketing cookies (only if enabled and you consent).

We do not ask you to submit sensitive personal data (such as health information, political opinions, biometric data, or financial account details) via our website. Please do not include passwords, government ID numbers, or confidential datasets in inquiry messages.

3) How we collect information

We collect information through the following methods:

• Web forms: when you submit a standard inquiry through the contact form on /contact/.
• Email communications: if you email us directly, we receive your email address and any information you include in your message.
• Server logs: our hosting systems automatically record technical data (such as IP address and request metadata) to deliver pages and protect the service.
• Cookies and analytics tools: when you browse the site, cookies (where used) and analytics tags may collect information about usage patterns. Analytics and marketing cookies are only used when permitted by your cookie choices.

4) Legal bases for processing (GDPR Article 6)

We process personal data only when a lawful basis applies. Depending on context, the lawful bases may include:

• Consent (Art. 6(1)(a)): for optional cookies (analytics and marketing where applicable) and for receiving marketing communications if you explicitly opt in.
• Contract or pre-contractual steps (Art. 6(1)(b)): to respond to an inquiry and take steps at your request before entering an advisory engagement.
• Legitimate interests (Art. 6(1)(f)): for basic website security, preventing abuse, maintaining service quality, and measuring aggregated site performance in a privacy-respecting manner. We balance these interests against your rights and expectations.
• Legal obligation (Art. 6(1)(c)): where we must retain or disclose information to comply with applicable laws (for example, accounting or regulatory obligations related to a signed engagement).

Where we rely on consent, you may withdraw it at any time using the cookie controls described below or by contacting us. Withdrawal does not affect the lawfulness of processing before consent was withdrawn.

5) How we use your information (purposes)

We use information for the following purposes:

• Responding to inquiries: to review your message, contact you back, and clarify scope and deliverables.
• Service delivery: if an engagement is agreed, to communicate about operational review work, scheduling, and deliverables.
• Customer support: to handle requests, follow-up questions, and administrative coordination.
• Website operations and security: to protect against abuse, spam, and fraud, and to ensure the site functions correctly.
• Analytics (optional): to understand how visitors use the website and to improve clarity of content and navigation, based on consent where required.
• Marketing communications (optional): only where you provide explicit consent, to send informational updates. We do not sell personal data or use deceptive profiling.

6) Retention periods

We retain personal data only for as long as necessary for the purposes described in this policy, unless a longer retention period is required by law. Typical retention periods are:

• Inquiry form submissions: up to 2 years from the date of the last communication, unless an engagement follows or you request deletion earlier (subject to legal obligations).
• Email correspondence: up to 2 years from the last communication for general inquiries; longer if needed to administer an agreed engagement.
• Analytics data: 14 months (where analytics is enabled and consented), after which it is deleted or aggregated.
• Cookie preferences: typically stored for 6 months to remember your choices, after which you may be asked again.
• Security logs: generally up to 90 days, unless required longer to investigate security incidents or comply with legal requirements.

Where we have an ongoing contractual relationship, certain records may be retained for longer to comply with legal, accounting, or dispute resolution requirements.

7) Sharing and disclosure

We do not sell personal data. We may share personal data with trusted service providers (processors) that help us operate the website and respond to inquiries. We only share data to the extent necessary for the relevant purpose and require appropriate safeguards through contractual terms.

Categories of recipients may include:

• Hosting and infrastructure providers: to serve website content and store operational logs.
• Email service providers: to send and receive inquiry communications and administrative messages.
• Analytics providers: such as Google Analytics 4, if enabled and you consent to analytics cookies.
• Advertising/measurement tools: such as Meta Pixel, only if enabled and you consent to marketing cookies. We do not use these tools to make personal-attribute claims or to engage in deceptive targeting.
• Professional advisers: such as legal or accounting advisers where necessary and subject to confidentiality obligations.

We may also disclose information if required to comply with a legal obligation, enforce our terms, or protect the rights, safety, or security of Qujuxfilun, our users, or the public.

8) International data transfers

We are based in France. Depending on the service providers used for hosting, email, analytics, or security, personal data may be processed in countries outside the European Economic Area (EEA). Where transfers occur outside the EEA, we rely on appropriate safeguards such as:

• European Commission adequacy decisions, where applicable; or
• Standard Contractual Clauses (SCCs) approved by the European Commission, together with supplementary measures where needed.

You can request information about our current safeguards by contacting us at [email protected].

9) Your rights under GDPR

If GDPR applies to you, you have the following rights with respect to your personal data:

• Right of access: request a copy of the personal data we hold about you.
• Right to rectification: request correction of inaccurate or incomplete data.
• Right to erasure: request deletion of your data where legally permitted.
• Right to restriction: request limitation of processing in certain circumstances.
• Right to data portability: request transfer of certain data to you or another controller, where applicable.
• Right to object: object to processing based on legitimate interests, and object to direct marketing.
• Right to withdraw consent: where processing is based on consent, you may withdraw it at any time.

To exercise these rights, contact [email protected]. We may need to verify your identity before responding. We aim to respond within one month, and within the timeframes required by law.

You also have the right to lodge a complaint with a supervisory authority. In France, the supervisory authority is the Commission Nationale de l'Informatique et des Libertés (CNIL). You can find information on how to submit a complaint on the CNIL website.

10) Cookie policy

Cookies are small text files stored on your device. We use cookies and similar technologies to support core functionality and, if you consent, to measure website usage and support marketing measurement. You can control cookies through our cookie banner and your browser settings.

Cookie categories

• Strictly necessary: used to provide core website functions and remember essential preferences. These are generally required for the site to work as intended.
• Analytics (optional): used to understand aggregated usage (for example, which pages are visited and how navigation is used). If enabled, we use Google Analytics 4. This category is set only after you consent where required.
• Marketing (optional): used to measure advertising effectiveness and support retargeting where applicable. If enabled, this may include Meta Pixel. This category is set only after you consent.

Cookie durations

Cookie lifetimes depend on their function. Where used, session cookies expire when you close your browser. Persistent cookies may remain for a set period, typically from a few days up to 14 months for analytics identifiers. Our preference cookie (which stores your choice) is typically kept for 6 months.

Managing cookies

• Use the cookie banner controls to accept or reject optional cookies.
• Adjust your browser settings to block or delete cookies. If you block strictly necessary cookies, the site may not function as intended.
• If you have already provided consent, you can change your choice by using the “Cookie settings” button in the site footer.

11) Children's privacy

Our website and services are not directed to children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided personal data to us, please contact [email protected] so we can take appropriate steps to delete it.

12) Security

We implement reasonable technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. No method of transmission or storage is fully secure, but we aim to handle inquiry information with care and to limit access to those who need it for the purposes described in this policy.

13) Updates to this policy

We may update this Privacy Policy to reflect changes in our practices, legal requirements, or service providers. When changes are material, we will provide a clear notice on the website (for example, by a banner or prominent message) and update the “Last Updated” date above. If you have provided an email address as part of an ongoing engagement, we may also notify you by email where appropriate.

14) Contact and data requests

For privacy questions, data access requests, deletion requests, or objections to processing, contact:

When making a request, please describe what you are asking for and provide enough information for us to locate relevant records. We will not ask you to provide sensitive information to verify your identity; we will use proportionate methods based on the request.