Last updated: 1er juillet 2026
1. Data controller
The controller of the personal data collected through pixelprisme.com is:
- David Gonzalez, a sole trader operating under the trading name Pixel Prisme
- Address : to be completed (same as the legal notice)
- Email : contact@pixelprisme.com
- SIRET : to be completed
As there is no obligation to appoint a data protection officer (DPO) within the meaning of article 37 of the GDPR, any request relating to personal data can be sent to the email address above.
2. Data collected
2.1 Data provided through the contact form
- Name
- Email address
- Phone number (optional)
- Project type (selected category)
- The content of the message written by the user
2.2 Technical data (server logs)
- IP address
- Browser and operating system type and version
- Pages viewed, date and time of the visit, referrer
- Information collected by our host Cloudflare for security purposes (anti-DDoS filtering, bot detection)
2.3 Audience measurement (Cloudflare Web Analytics, cookie-free)
- Strictly aggregated, anonymous data: page views, country, referring site, device type, performance metrics (Core Web Vitals)
- No cookie, no individual identifier, no digital fingerprinting, no tracking from one site to another
This strictly anonymous audience measurement cannot identify or track you. It falls under the consent exemption recognised by the French Data Protection Authority (CNIL): no banner and no prior consent are required.
2.4 Audience measurement and usage analysis (with your consent)
- Google Analytics 4: traffic and journey statistics (page views, traffic source, device type), using cookies
- Microsoft Clarity: heatmaps and anonymised recording of your browsing (session replay), with sensitive fields (the contact form) masked
These processing activities are only enabled with your prior consent, which is collected through the cookie banner. You can refuse or disable them at any time by clicking "Manage cookies" at the bottom of the page. Without consent, only the cookie-free audience measurement (§ 2.3) and the strictly necessary cookies (§ 8.1) are active. The cookies involved are listed in § 8.3.
3. Purposes and legal bases
| Purpose | Data involved | Legal basis (art. 6 GDPR) |
|---|---|---|
| Respond to your contact request | Contact form (§ 2.1) | Consent (art. 6.1.a) |
| Keep the site secure and prevent abuse | Server logs (§ 2.2) | Legitimate interest (art. 6.1.f) |
| Measure audience and improve the site | Anonymous cookie-free statistics (§ 2.3) | Legitimate interest (art. 6.1.f), anonymous measurement |
| Measure audience and analyse usage with cookies | Google Analytics 4, Microsoft Clarity (§ 2.4) | Consent (art. 6.1.a) |
| Perform a service contract after a signed quote | Contact details and project data | Contract performance (art. 6.1.b) |
| Meet accounting and tax obligations | Billing data | Legal obligation (art. 6.1.c) |
4. Recipients
Your personal data may be shared with the following recipients, acting as processors within the meaning of article 28 of the GDPR:
| Recipient | Role | Location |
|---|---|---|
| Cloudflare, Inc. | Hosting, network security, anonymous cookie-free audience measurement (Web Analytics), anti-spam protection (Turnstile) | United States (EU-US DPF) |
| Resend, Inc. | Delivery of contact-form emails | United States (EU-US DPF) |
| Hostinger International Ltd. | Domain name management and professional email | Cyprus (EU) |
| Google LLC | Audience measurement (Google Analytics 4), subject to your consent | United States (EU-US DPF) |
| Microsoft Corporation | Usage analysis and session recording (Microsoft Clarity), subject to your consent | United States (EU-US DPF) |
No personal data is transferred, sold or rented to third parties for commercial purposes.
5. International transfers
Some of our processors are established outside the European Union, in particular in the United States (Cloudflare, Resend, as well as Google and Microsoft when you consent to the measurement and analysis cookies).
These transfers are governed by:
- The EU-US Data Privacy Framework (the European Commission adequacy decision of 10 July 2023), for processors that have signed up to it;
- Failing that, the Standard Contractual Clauses (SCCs) adopted by the European Commission, supplemented where necessary by additional measures in line with the recommendations of the European Data Protection Board (EDPB).
6. Retention periods
| Data category | Retention period |
|---|---|
| Requests through the contact form (with no commercial follow-up) | 3 years from the last contact |
| Client data after a contract is signed | 10 years from the end of the contract (accounting obligation, art. L.123-22 of the French Commercial Code) |
| Server logs (Cloudflare) | 30 days maximum |
| Anonymous audience statistics (Cloudflare Web Analytics) | Aggregated data that cannot be linked to a person, no individual retention period applies |
| Google Analytics 4 data (with consent) | Up to 14 months for user-level data; cookie lifetimes are listed in § 8.3 |
| Microsoft Clarity data (with consent) | Retained in accordance with the Microsoft Clarity retention policy; cookie lifetimes are listed in § 8.3 |
| Proof of your cookie consent choice | 1 year (zaraz-consent cookie), after which you are asked to choose again |
7. Your rights
In accordance with articles 15 to 22 of the GDPR and the French Data Protection Act as amended, you hold the following rights over your personal data:
- Right of access (art. 15): obtain confirmation that data concerning you is being processed and receive a copy of it;
- Right to rectification (art. 16): have inaccurate or incomplete data corrected;
- Right to erasure (art. 17): obtain the deletion of your data in the cases provided for by law;
- Right to restriction of processing (art. 18): request the temporary suspension of a contested processing operation;
- Right to portability (art. 20): receive your data in a structured, machine-readable format;
- Right to object (art. 21): object, on legitimate grounds, to processing based on legitimate interest;
- Right to withdraw your consent at any time, where processing is based on consent;
- Right to set directives on the storage, erasure and disclosure of your data after your death (art. 85 of the French Data Protection Act).
How to exercise your rights
Send your request by email to contact@pixelprisme.com, stating the subject of your request and, where necessary, attaching proof of identity. You will receive a reply within one month at most.
Complaint to the CNIL
If, after contacting us, you believe your rights are not being respected, you can lodge a complaint with the French Data Protection Authority, the Commission nationale de l'informatique et des libertés (CNIL):
- 3 place de Fontenoy, TSA 80715, 75334 Paris Cedex 07, France
- Phone: +33 1 53 73 22 22
- Website: cnil.fr
8. Cookies and trackers
This site uses strictly necessary cookies (exempt from consent) and, only with your agreement, audience-measurement and usage-analysis cookies. A consent banner, shown on your first visit, lets you accept or refuse the latter. No advertising cookie is set. The cookie-free anonymous audience measurement (§ 8.2) works without consent.
8.1 Strictly necessary cookies
Exempt from consent under article 82 of the French Data Protection Act.
| Name | Issuer | Purpose | Duration |
|---|---|---|---|
__cf_bm | Cloudflare | Bot detection, anti-spam for the contact form | 30 minutes |
cf_clearance | Cloudflare | Validation of a security challenge (Cloudflare Turnstile) | 30 days |
zaraz-consent | Cloudflare (Zaraz) | Stores your cookie consent choice | 1 year |
These cookies are essential to the security and proper functioning of the site; they do not track your browsing for advertising purposes and are, on that basis, exempt from consent.
The contact form is protected against spam by Cloudflare Turnstile, a privacy-friendly alternative to traditional CAPTCHAs (no advertising tracking). The processing of data by this tool is governed by the Cloudflare Turnstile privacy addendum.
8.2 Cookie-free audience measurement
Site traffic is measured with Cloudflare Web Analytics, a cookie-free tool that collects no personal data, uses no digital fingerprinting and does not track visitors from one site to another. This strictly anonymous audience measurement falls under the consent exemption recognised by the CNIL; no banner and no consent collection are required.
8.3 Measurement and analysis cookies (subject to your consent)
Only after you accept do we set cookies for Google Analytics 4 (audience measurement) and Microsoft Clarity (heatmaps and anonymised recording of your browsing, with sensitive fields masked):
| Name | Issuer | Purpose | Duration |
|---|---|---|---|
cfz_google-analytics_v4 | Zaraz (Google Analytics) | Audience measurement: GA4 visitor/session identifier, set first-party by Zaraz | 1 year |
cfzs_google-analytics_v4 | Zaraz (Google Analytics) | Audience measurement: GA4 session page-view counter | Session |
_clck | Microsoft (Clarity) | Keeps the Clarity browser identifier for the site | 1 year |
_clsk | Microsoft (Clarity) | Links page views within the same session | 1 day |
Microsoft may set related cookies (for example CLID, MUID) via the clarity.ms domain. None of these cookies are used for advertising purposes by Pixel Prisme.
These cookies are only set after you accept them via the banner shown on your first visit. You can accept, refuse or change your choice at any time by clicking "Manage cookies" at the bottom of every page; refusing has no impact on access to the site. This data is shared with Google and Microsoft (§ 4), including in the United States (§ 5). No other social network or ad-network tracker is set; the share buttons are plain links, with no tracking script.
9. Security
Pixel Prisme implements appropriate technical and organisational measures to ensure a level of security suited to the risk, including:
- TLS encryption (HTTPS) across the whole site;
- Hosting with recognised providers certified to ISO/IEC 27001 (Cloudflare);
- Restricting access to personal data to authorised people only;
- Regular backups and access logging;
- Regular updates of software dependencies.
10. Changes
Pixel Prisme reserves the right to amend this privacy policy at any time, in particular to comply with any legislative, regulatory or case-law developments. The date of the last update appears at the top of this document.
11. Contact us
For any question about this privacy policy or the exercise of your rights, you can write to us at: contact@pixelprisme.com.