The Crise Conscience association attaches particular importance to protecting your personal data. This policy describes, pursuant to GDPR and the amended French Data Protection Act, how we collect, use and protect your information.
1. Data controller
The data controller is the Crise Conscience association, with registered office at [address to be completed].
For any request relating to your data: contact@criseconscience.org.
2. Data we collect
We collect only the data strictly necessary for the stated purposes:
a. Contact form
- First and last name (optional)
- Email address (optional — anonymous submission possible)
- Subject and message content
Legal basis: your consent (GDPR article 6.1.a), expressed by sending the form and ticking the consent checkbox.
Purpose: reply to you, process your request, orient you.
Retention: up to 3 years after the last exchange, then archiving or deletion.
b. Newsletter subscription
- Email address
- Subscription date, source
- IP address (hashed, non-identifying)
- Browser User-Agent (anti-abuse purposes)
Legal basis: your explicit consent (checkbox).
Purpose: send you our publications, resources and alerts.
Retention: until your unsubscription, or 3 years of inactivity.
c. Browsing data and statistics
We use Vercel Analytics, a privacy-respecting audience measurement tool: no cookies, no user profile, no data resale. Statistics are aggregated and anonymised.
3. Data recipients
Your data is only accessible to authorised members of the Crise Conscience editorial team. It may be transmitted to our technical processors only for service purposes:
- Vercel Inc. — hosting (servers in EU/USA with standard contractual clauses).
- Email service: [provider to specify: Brevo, SendGrid, etc.], for the newsletter.
- n8n — internal automation (message relay, article processing).
Your data is never sold, rented or transferred to third parties for commercial purposes.
4. Transfers outside the European Union
Some of our processors (notably Vercel) may process data in the United States. These transfers are governed by standard contractual clauses from the European Commission and, where appropriate, adherence to the Data Privacy Framework.
5. Your rights
Pursuant to GDPR, you have the following rights:
- Right of access: obtain a copy of data concerning you.
- Right of rectification: correct inaccurate data.
- Right to erasure (“right to be forgotten”).
- Right to restriction of processing.
- Right to object to processing.
- Right to portability of your data.
- Right to withdraw consent at any time.
- Right to give directives on the fate of your data after death.
To exercise these rights, write to contact@criseconscience.org specifying your request. A response will be provided within a maximum of one month.
If, after contacting us, you consider your rights are not respected, you can lodge a complaint with the CNIL (French data protection authority).
6. Security
We implement technical and organisational measures to protect your data: HTTPS encryption, IP hashing, restricted access to authorised people, regular backups, certified hosting.
7. Reinforced confidentiality for testimonies
If you contact us to share a testimony or report, please note that:
- Anonymous submission is possible (leave name/email fields empty).
- Sensitive data is consulted only by strictly necessary personnel.
- No data is publicly disseminated without explicit written agreement.
8. Updates
This policy may be updated to reflect service evolution or regulatory changes. Any important modification will be reported on the site.