Privacy Policy

Data Controller

The data controller responsible for processing personal data is:
Estéban Lefoye Lebrun
Email: contact@aa-correction.fr

Collected Data

The following personal data may be collected via the contact form:

  • First and last name
  • Email address
  • Phone number
  • Client type (individual, company, author, publishing house, etc.)
  • Project type (book, website, article, etc.)
  • Proofreading requirements
  • Free description of the request
  • Text length
  • Attached file (text sample)
  • Contact preference

Processing Purposes

Data is collected for the following purposes:

  • Responding to contact requests
  • Preparing quotes
  • Managing client relationships
  • Ensuring contractual follow‑up and payments

Legal Basis

Data processing is based on:

  • Legitimate interest in responding to incoming requests
  • Performance of pre‑contractual and contractual measures
  • Applicable legal obligations
  • Consent (Art. 6.1.a GDPR) for cookies and analytical trackers

Data Retention Period

Data is retained for the following periods:

  • 3 years after the last contact for prospective clients
  • For the duration of the contractual relationship, then archived in compliance with legal obligations for clients

Data Recipients

Data is accessible only to the data controller.

It may be processed through the following tools:

  • Tally (contact form)
  • Notion (client and project management)
  • Make (automation of data flows between Tally, Proton Mail, Notion, and pCloud)
  • Proton Mail (emails)
  • pCloud (document storage)
  • Wire (client communication after contract signing)
  • kMeet (video conferencing)
  • Tiime (invoicing and accounting management)
  • Google Analytics (audience measurement)
  • Microsoft Clarity (navigation behavior analysis)

Processors and GDPR Compliance

Data is processed by carefully selected processors that meet GDPR compliance and data security standards.

Data collected via the contact form is processed by Tally, hosted in Europe (Belgium), in accordance with the GDPR. Tally acts as a processor on behalf of the data controller.

Automations between Tally, Proton Mail, Notion, and pCloud are managed via Make (formerly Integromat), a Czech company with servers hosted in Europe. Make acts as a processor and handles personal data in transit during automated transfers.

Client management data is stored and managed via Notion, which processes data on my behalf as a processor. Notion applies Standard Contractual Clauses (SCCs) for data transfers to the United States, in compliance with GDPR requirements.

Invoices are managed via Tiime, a French invoicing and accounting solution. Tiime acts as a data processor and processes customers’ invoicing data (name, address, amounts) on my behalf, in accordance with the GDPR.

Google LLC (Google Analytics) and Microsoft Corporation (Microsoft Clarity) may process anonymized browsing data only after collecting your consent. These companies are based in the United States and use Standard Contractual Clauses (SCCs) to ensure GDPR‑compliant data transfers.

For all integrations used, I ensure that data is exchanged only between GDPR‑compliant tools or those offering equivalent protection guarantees. Data Processing Agreements (DPAs) are signed when offered by the service provider as part of their terms.

Cookies and Trackers

With your consent, the website aa-correction.fr uses the following audience measurement tools:

  • Google Analytics (Google LLC) — audience measurement and browsing behavior analysis
  • Microsoft Clarity (Microsoft Corporation) — session recording and heatmaps

These tools set cookies only after you accept them through the consent banner. No tracking or advertising cookies are placed without your prior approval.

You can withdraw your consent at any time by clearing your browser cookies. The legal basis for this processing is your consent (Art. 6.1.a GDPR).

Security

Technical and organizational measures are implemented to protect personal data, including:

  • Restricted access to data (data controller only)
  • Strong authentication (2FA, secure password management via Proton Pass)
  • Encrypted storage using secure services (pCloud)
  • Preference for European data hosting whenever possible

User Rights

In accordance with GDPR, you have the following rights:

  • Right of access to your data
  • Right to rectification
  • Right to erasure (“right to be forgotten”)
  • Right to restrict processing
  • Right to object
  • Right to data portability

You can exercise these rights by contacting: contact@aa-correction.fr.

Complaint

You may file a complaint with the CNIL (www.cnil.fr) if you believe that your data processing does not comply with the GDPR.

Policy Updates

This privacy policy may be updated at any time to remain compliant with legal or technical developments, particularly in the event of new services such as online payment.