--:--
← All legal documents

Web Agency — Axel REGNOULT

Privacy Policy

2026
AXEL REGNOULT 128 rue de la Boétie, 75008 Paris 8, FRANCE SIRET : 895 214 989 00017 — Micro Entrepreneur Mail : legal@web-agency.app Dispensé d'immatriculation au RCS et au RM. — T.V.A. non applicable, art. 293 B du CGI.

Contents

  • 1 — Site editor
  • 2 — Identity of the Data Controller
  • 3 — Your rights
  • 4 — What information do we collect?
  • 5 — Means of collecting personal data
  • 6 — Purposes for which we collect personal data
  • 7 — Retention period of personal data
  • 8 — Rules applicable to bank-card payments
  • 9 — To whom is your personal data transmitted?
  • 10 — Security measures
  • 11 — Transfer of your personal data
  • 12 — Third-party websites and social networks
  • 12 bis — Minors and automated decision-making
  • 13 — Cookie policy
  • 14 — Modification of the Policy
  • 15 — Applicable law and competent courts

1 — Site editor

At Axelo, we care about your privacy!

The protection and confidentiality of your personal data is paramount to us. Your personal data will be treated as strictly confidential and used only for the needs of our services unless you decide otherwise.

Our commitment

  • We respect your privacy and your choices. Communications you receive from us can be stopped at any time.
  • We respect your rights as a User and do everything we can to enable you to exercise them.
  • When we use external providers, we select them rigorously and ensure they are equally committed to personal data protection.

This Policy is supplemented by our legal notice, our cookie policy and our Terms of Sale.

2 — Identity of the Data Controller

Personal data is collected by Axel Regnoult, a sole trader whose registered office, named Axelo, is located at 128 rue de la Boétie, 75008 Paris 8, France, exempted from registration with the Trade and Companies Register (RCS) and the Trades Register (RM), under SIRET number 895 214 989 00017. ("VAT not applicable, art. 293 B of the French General Tax Code.")

We undertake to provide the highest level of protection for your personal data in compliance with the GDPR — Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 — and the amended French Data Protection Act.

For any information about personal data protection, you may also consult the CNIL website: www.cnil.fr.

3 — Your rights

Pursuant to the French Data Protection Act and the GDPR, the User has the right to exercise the following rights:

  • Right of access: you can find out about the nature of your personal data that is stored or processed.
  • Right of rectification: if any personal data is inaccurate or incomplete, you can request that it be corrected.
  • Right of objection: you have the right to object, at any time, to the processing of your personal data.
  • Right to erasure: you can request the deletion of your personal data in the cases provided for by law.
  • Right to restriction of processing: you have the right to request the restriction of the processing of your personal data.
  • Right to portability: you have the right to receive a subset of your personal data and transfer it to another controller.
  • Right to define the fate of your data after death: you may set instructions concerning the storage, deletion and communication of your data after your death.

To exercise your rights, please send your correspondence to Axelo, 128 rue de la Boétie – 75008 Paris, or by email to legal@web-agency.app.

If you believe that one of your rights is not being respected, you may bring an action before the CNIL via its website: www.cnil.fr.

4 — What information do we collect?

The communication of your personal data is mostly deliberate. Your personal data may be collected from the Site, via your customer account, by email or postal mail, by phone, or when you participate in events organized by the Company.

Depending on the Service selected, we may collect: title, name(s), surname(s), email address, mobile phone number, home address, date of birth, nationality, and any other personal data needed to manage said contract.

For legal entities, we also collect: company name, SIREN, IBAN, headcount, business sector, collective agreement, and any data needed to follow up your customer account.

5 — Means of collecting personal data

This collection may take place in particular when:

  • browsing the Site
  • using the Services
  • paying for a Service
  • requesting information, having a phone call, or making contact

6 — Purposes for which we collect personal data

We process your personal data in order to provide you with the most appropriate response to your needs. In accordance with article 6 of the GDPR, each processing operation is based on an identified legal basis:

  • Contract performance (Art. 6.1.b GDPR): management of the commercial relationship and your contract, billing and case management, management of your customer account, response to questions and complaints.
  • Legal obligation (Art. 6.1.c GDPR): management of unpaid invoices and disputes, retention of accounting data.
  • Legitimate interest (Art. 6.1.f GDPR): production of internal commercial statistics, collection of user opinions.
  • Consent (Art. 6.1.a GDPR): sending newsletters and commercial prospecting, sending event invitations, monitoring and statistics on Site usage via analytical cookies. You can withdraw your consent at any time.

7 — Retention period of personal data

Depending on the case, the Company has defined distinct retention periods:

  • Prospect data: kept for 36 months from the last exchange with one of our services (CNIL recommendation).
  • Customer data (commercial relationship): kept for the duration of the contractual relationship and then 3 years from the last contact for commercial prospecting.
  • Accounting and tax data: kept for 10 years from the close of the accounting year in accordance with article L.123-22 of the French Commercial Code and article L.102 B of the French Book of Tax Procedures.
  • Connection data (technical logs): kept for 12 months in accordance with article L.34-1 of the French Postal and Electronic Communications Code.
  • GDPR supporting evidence (consents, rights requests): kept for 5 years for evidentiary purposes.

The Company may keep certain data beyond the periods stated above in order to comply with its legal or regulatory obligations. For statistics, data will be anonymized and cannot be reconstituted.

8 — Rules applicable to bank-card payments and protection of banking data

To ensure the security of your payments, the Company uses the services of Stripe, a provider that guarantees secure processing of all sensitive data, in compliance with PSD2, GDPR and PCI-DSS guidelines.

Data is stored on this provider's servers and is at no time transmitted to our servers. Our provider sends authorization requests to the bank and only transmits the transaction number to us.

9 — To whom is your personal data transmitted?

Your personal data may be communicated to:

  • Our internal services: accounting, sales departments, customer service.
  • Our main processors (article 28 GDPR — each bound by a data processing agreement):
    • Google Cloud EMEA Limited / Google LLC — Firebase Hosting, Firestore, Cloud Functions, Storage (EU region europe-west4; transfers framed by the EU-US Data Privacy Framework and standard contractual clauses).
    • Cloudflare, Inc. — Turnstile anti-spam protection (essential form cookies).
    • Stripe Payments Europe, Ltd. — payment processing (PCI-DSS, PSD2).
    • Resend / Brevo or equivalents — transactional and notification email sending.
    • Anthropic, PBC and OpenAI, L.L.C. — AI assistance tools under Anthropic Commercial Terms and OpenAI Business Terms (data not used for the training of third-party models).
  • Expert human partners mobilised on a case-by-case basis on quotation (see article 13 of the Terms of Sale).

Should we need to defend our rights in court, your personal data could be transmitted to the competent authorities and to our legal counsel.

10 — Security measures we put in place to protect your personal data

As Data Controller, the Company takes all useful precautions to preserve the security and confidentiality of your personal data. We have implemented technical and organisational measures to limit access to your data: TLS encryption in transit, encryption at rest of databases, environment isolation, access limited to the principle of least privilege, access logging, encrypted daily backups.

Security incident notification. In accordance with articles 33 and 34 of the GDPR, in the event of a personal data breach likely to result in a risk to the rights and freedoms of data subjects, the Company shall notify the breach to the CNIL within 72 hours after becoming aware of it. Where the Company acts as a processor on behalf of a client (controller), it shall inform the latter without undue delay. Where the risk to data subjects is high, the latter shall be informed as soon as possible.

11 — Transfer of your personal data

The Company strives to keep your personal data within the European Union. However, on a marginal basis and for certain specific Services, the collected data could be transmitted to processors established outside the European Union (in particular Google LLC, in the United States, for Firebase hosting services and Google Analytics traffic statistics, under the EU-US Data Privacy Framework adopted in July 2023). In such cases, the Company will ensure that adequate measures are in place to guarantee the security of your data and respect for your rights.

12 — Third-party websites and social networks

The Site may contain links to social networks or sharing buttons. In accordance with European case law (CJEU judgment C-40/17 "Fashion ID" of 29 July 2019), social buttons are only activated after your express consent via our cookie banner. As long as such consent has not been given, no data (in particular your IP address) is transmitted to third-party platforms.

During your actual interaction with these platforms, the Company cannot be held responsible for the processing carried out by third-party publishers. We encourage you to consult their privacy policies:

12 bis — Minors and automated decision-making

Minors. The Services are not intended for persons under the age of 15. In accordance with article 7-1 of the amended French Act 78-17 (which transposes article 8 of the GDPR), where a minor under 15 is concerned, consent shall be collected jointly with that of the holder(s) of parental authority.

Automated decision-making and profiling. The Company does not take any decision producing legal effects concerning you solely on the basis of automated processing, including profiling (article 22 of the GDPR). Any audience statistics are anonymised and aggregated.

13 — Cookie policy

The cookie policy is available at the following link: /legal/cookies.

14 — Modification of the Policy

The Company may modify the Policy at any time. Any modifications cannot affect Service purchases made on the Site prior to their publication. The User is invited to review the Policy each time they use the Services of the Site, without the need for formal notification.

15 — Applicable law and competent courts

The Policy is governed by French law. In the event of a dispute and where an amicable agreement cannot be reached, the competent courts will be those of the jurisdiction of the Paris Court of Appeal, notwithstanding multiple defendants or warranty claims.

Date of last update: 06/06/2026

Esc
sélectionner naviguer Esc fermer