Privacy policy

I am committed to respecting the rights of each individual concerning personal data protection. With this Privacy Policy I inform you of my commitments and practical measures as a data controller. This Privacy Policy covers my website, its contact and newsletter forms, and my newsletter.


Within the use of the website, I, as the data controller (hereinafter also referred to as “I” or “me”), collect and store the data you provided as long as this is necessary to fulfill the specified purposes and legal obligations. In the following, I will inform you about what data is involved, how the data is processed, and what rights you have, especially regarding the General Data Protection Regulation (EU) 2016/679 (GDPR).

Collection and processing of personal data and their purposes

Web Hosting

For the provision of this website, I use the web hosting service o2switch, 222 Boulevard Gustave Flaubert, 63000 Clermont-Ferrand, France (hereinafter “o2switch”).

The legal foundation for utilization of o2switch is Art. 6 Subs. 1 Sentence 1 lit. f GDPR due to my legitimate economic interest in making my offer available on this website. In connection with the hosting, o2switch collects data on my behalf, which accrues while using the website.

When visiting the website

1. Log data

You can access the website without disclosing your identity. The browser on your end device automatically sends information to my website server (e.g. IP address of the querying computer, date and time of the access, name, and URL of the accessed file, browser type and version, and also further information sent by the browser, such as your computer’s OS, your access provider, geolocation, etc.).

This information is temporarily stored in a log file. It is collected without any action on your part and deleted automatically.

I process this data to ensure trouble-free connection to the website, comfortable use of my website, for assessing system security and stability.

The legal foundation for the data processing is Art. 6 (1) lit. f GDPR. My legitimate interest follows from the above purposes for the data collection.

Under no circumstances do I use the collected data to draw conclusions about your person.

2. Cookies

This website does not use cookies, either first-party cookies or third-party cookies, for any purpose.

3. Third-party tracking

This website does not include any content from third-party services that may collect information about your browsing.

Data Principles

When I collect and process data, I ensure that it is adequate, relevant, and limited to what is necessary for the purposes of the processing. I take measures to ensure that the data I process is accurate and, where necessary, kept up to date.

If you refuse to provide me with this information, I may not be able to provide my services to you in some cases.

I protect your personal data with measures such as material access restrictions and password policies.

Data security

All the data you personally transfer will be sent encrypted with the customary and secure TLS standard (Transport Layer Security). TLS is a proven standard also used for online banking, for example. You can recognize a secure TLS connection by the “s” appended to the HTTP (i.e. https://..) or by the lock symbol in your browser.

I also use suitable technical and organizational security measures to protect your data against accidental or intentional manipulation, partial or complete loss, destruction, or against unauthorized access by third parties.

Recipients of the data

I do not pass on your personal data to third parties except to those legally entitled to know it by virtue of their function.

Data retention

I only keep your data for the time necessary for the purpose of the processing carried out, and to comply with my legal obligations.


​​I collect data via two different forms: a contact form for RFP (requests for proposals) and a newsletter form.

The data of the contact form is transmitted to me as an email presenting the request, used only for processing the request for proposal and not stored.

The data from the newsletter form is used only for sending the newsletter and is stored on the marketing platform Brevo. By filling out this form, you acknowledge that the information you provided will be transferred to Brevo for processing by their terms of use.


With your subscription to the newsletter, I store your email address, IP address, registration date, and first and last name. I also use link tracking to improve the quality of my newsletters.

I use the program Brevo for emailing and contact relationship management.

The hosting servers on which Brevo processes and stores its databases are located within the European Union. They rent storage bays in French data centers (Online’s DC2 and DC3 data centers in Vitry-sur-Seine, in the region of Ile-de-France), and the hardware used is owned solely by Brevo. Data is stored on Google Cloud in Belgium.

The legal ground for the collection and processing of this data is Article 6.1 (a) GDPR. Your data is only used for the newsletter delivery and in the scope of what you have consented to. Your registration date is collected exclusively for documenting your registration in the newsletter.

Subscribers can subscribe or unsubscribe without any intervention from me, at any time, via the “unsubscribe” link in each newsletter, or by email to hello(at) By unsubscribing, they revoke their consent to the storing and processing of their data.

Transfer of the data outside the EU

All the personal data I process are hosted in the EU. Consequently, I do not transfer any personal data outside the European Union.

However, the specificities of a case with an international scope and the interests of my clients may lead me in certain cases to transfer personal data outside the European Union, in which case these transfers are based alternatively on:

  • the necessity of the transfer for the establishment (Art. 49 e) GDPR);
  • the necessity of the transfer for the performance of the contract concluded between me and my clients, or the implementation of pre-contractual measures taken at the request of my clients (Art. 49 b) GDPR).

Data subject rights

You have the right:

  • according to Art. 15 GDPR to demand information about your personal data I process. In particular, you can demand information about
    • the purposes of the processing,
    • the category of personal data,
    • the planned storage period,
    • the existence of a right to rectification, deletion, restriction, or revocation of processing,
    • the existence of a right to file a complaint,
    • the origin of your data, in so far as not collected by me,
    • and also about the existence of automated decision-making including profiling and where appropriate meaningful information about to details thereof;
  • according to Art. 16 GDPR to demand immediate rectification of inaccurate or completion of your personal data saved with me;
  • according to Art. 17 GDPR to demand the deletion of your personal data saved with me, in so far as the processing is not required for exercising the right of freedom of expression and information, to comply with a legal obligation, for reasons of public interest or to establish, exercise or defend legal claims;
  • according to Art. 18 GDPR to demand restriction of processing of your personal data, in so far as you contest the accuracy of the data, the processing is unlawful but you oppose deletion and I no longer need the data but you do to establish, exercise or defend legal claims or you have objected to processing according to Art. 21 GDPR;
  • according to Art. 20 GDPR to receive the personal data you have provided me in a structured, commonly used, and machine-readable format or to demand transmission to another controller;
  • according to Art. 7 Subs. 3 GDPR to withdraw your consent to me at any time. This means that I may no longer continue processing the data based on that consent in the future ;
  • according to Art. 77 GDPR to file a complaint to a supervisory authority. As a rule, you can contact your local data protection authority or the French data protection authority (“CNIL”) as I am based in France.

To sum up: you have the right to access, rectify, erase, object, and restrict processing, as well as the right to data portability, to withdraw your consent, and to launch a complaint with your local data protection authority.

If you want to exercise your data subject rights, send an email to hello(at) If there is any doubt about your identity, I may ask you for a copy of a signed identity document.

Right to object

You have the right, according to Art. 21 GDPR, to object to the processing of your personal data, insofar as there are grounds arising from your particular situation or it relates to objection to direct advertising. In the latter case, you have a general right to object, which I will heed without you having to present a particular situation.

Data controller
Max Schleiffer
3 rue George Sand
68000 Colmar, France

If you want to exercise your right to object, send an email to hello(at) If there is any doubt about your identity, I may ask you for a copy of a signed identity document.


I will endeavor to keep your personal information accurate. If you request access to the personal information I hold about you, wish to amend an inaccuracy, or have your information deleted from my files, please contact hello(at)

Changes to this Privacy Policy

This Privacy Policy is the latest version and amended as of 9 May 2023.

The further development of my website and online services or changes in statutory or public-authority requirements may render it necessary to amend this Privacy Policy. The latest version of the Privacy Policy can be downloaded and printed out at any time from the website under


If you have any questions regarding my Privacy Policy or require any clarifications, contact me:

  • by email: hello(at)
  • by mail: Max Schleiffer, 3 rue George Sand, 68000 Colmar, France.