© Learn French With Damien

📍 France ·

04:22:34 PM

Book your free trial lesson

© Learn French With Damien

Privacy Policy

Version 1.0 - 08 june 2026

This Privacy Policy is also available in French. In the event of any discrepancy between the two versions, the French version shall prevail.

Article 1 - Identity of the data controller

The data controller for personal data collected in connection with the Website and the teaching activity is:

Damien Gautier, sole trader (entrepreneur individuel — EI) Trading name: Speak French with Damien. Address: 8 Avenue de Villeneuve, 13830 Roquefort-La-Bédoule. SIRET: 980 497 424 00013. Email: contact@learnfrenchwithdamien.com. Website: https://www.learnfrenchwithdamien.com.

As data controller, Damien Gautier undertakes to process the personal data of users and clients in strict compliance with Regulation (EU) 2016/679 of 27 April 2016 on the protection of personal data (hereinafter "GDPR"), French Law No. 78-17 of 6 January 1978 as amended on data processing, files, and civil liberties, and any other applicable data protection legislation.

This Privacy Policy is intended to inform users of the Website and clients of the Provider in a transparent manner as to the nature of the data collected, the purposes of their processing, their retention periods, the recipients of such data, and the rights available to data subjects.

Any use of the Website or booking of a service implies unreserved acceptance of this Privacy Policy in the version in force at the time of consultation or booking.

Article 2 - Data collected and purposes of processing

The Provider collects and processes the following personal data in the course of its activity:

2.1 - Data collected via Acuity (booking and payment)

Data collected: first name, last name, email address, phone number, time zone, booking history, payment history, timestamped connection data.

Purposes: management of bookings, session confirmation and reminders, payment processing, management of cancellations and rescheduling, establishment of proof of acceptance of the T&Cs, dispute management, communication via WhatsApp Business at the Provider's initiative following collection of the phone number at the time of booking.

Legal basis: performance of a contract (Article 6.1.b GDPR).

Retention period: duration of the contractual relationship, then five (5) years from the end of the contractual relationship pursuant to statutory accounting and tax retention obligations.

2.2 - Data collected via email and messaging exchanges

Data collected: email address, content of exchanges, attachments, teaching materials transmitted, date and time of exchanges.

Purposes: operational communication with the client, transmission of teaching materials, management of requests and complaints, establishment of a record for dispute purposes.

Legal basis: performance of a contract (Article 6.1.b GDPR) and legitimate interest of the Provider (Article 6.1.f GDPR) for the retention of exchanges for evidentiary purposes.

Retention period: duration of the contractual relationship, then five (5) years from the end of the contractual relationship.

2.3 - Data collected via Kit/ConvertKit (newsletter and lead magnet)

Data collected: email address, date and time of subscription, subscription source (level quiz, website form), history of emails sent and opened.

Purposes: sending of the newsletter, sending of the lead magnet, commercial and educational communication, management of unsubscriptions.

Legal basis: consent of the data subject (Article 6.1.a GDPR). Consent is collected at the time of subscription via the dedicated form and may be withdrawn at any time via the unsubscribe link included in every email.

Retention period: until unsubscription by the data subject, then deletion within thirty (30) days following unsubscription.

2.4 — Data collected via Google Analytics (audience analysis)

Data collected: anonymised browsing data (pages visited, session duration, approximate geographical origin, device and browser type), anonymised IP address.

Purposes: analysis of Website audience, improvement of the user experience, measurement of Website performance.

Legal basis: legitimate interest of the Provider (Article 6.1.f GDPR), subject to cookie consent where required by applicable regulations.

Retention period: twenty-six (26) months in accordance with the recommendations of the CNIL.

2.5 - Data collected via WhatsApp Business

Data collected: phone number, content of exchanges, date and time of messages.

Purposes: operational communication with the client, transmission of information relating to sessions, management of day-to-day requests.

Legal basis: performance of a contract (Article 6.1.b GDPR) and implicit consent of the data subject having initiated or accepted communication via this channel.

Retention period: duration of the contractual relationship, then deletion within a reasonable period following the end of the contractual relationship. The Provider shall not be held liable for data retained by WhatsApp/Meta on its own servers, the processing of which is governed by the privacy policy of Meta Platforms Ireland Limited.

2.6 - Data relating to disputes and complaints

Data collected: all data necessary for the management of the dispute, including booking history, proof of payment, written exchanges, and records of T&Cs acceptance.

Purposes: dispute management, establishment of evidence, exercise or defence of rights in legal proceedings.

Legal basis: legitimate interest of the Provider (Article 6.1.f GDPR) and legal obligations (Article 6.1.c GDPR).

Retention period: five (5) years from the closure of the dispute or the end of the contractual relationship, whichever is the later.

2.7 - Data collected via the level quiz

Data collected: email address, quiz answers, estimated result and level (A1 to C2), date and time of submission.

Purposes: estimation of the user's French level, automatic sending of the result by email, prospect qualification, potential addition to the Kit/ConvertKit newsletter list subject to the user's explicit consent.

Legal basis: consent of the data subject (Article 6.1.a GDPR). Consent is collected at the time of form submission. The user may withdraw their consent at any time by contacting the Provider at damien@learnfrenchwithdamien.com.

Retention period: submission data is retained on Supabase for a period of twelve (12) months. Email addresses of prospects who have not become clients are deleted at the end of this period.

Sub-processors involved: Vercel Inc. (quiz hosting) and Supabase Inc. (submission data storage), see Article 3.1.

Article 3 - Recipients of data and transfers outside the European Union

3.1 - Recipients of data

Personal data collected in the course of the Provider's activity is transmitted solely to the third-party service providers strictly necessary for the performance of the services, acting as data processors within the meaning of Article 28 of the GDPR:

Acuity Scheduling LLC (a subsidiary of Squarespace Inc.), United States - booking and client relationship management. Privacy policy: https://www.acuityscheduling.com/privacy.php

Stripe (Stripe Inc., United States) - secure processing of card payments. Privacy policy: https://stripe.com/fr/privacy

PayPal (PayPal Holdings Inc., United States) - secure processing of PayPal payments. Privacy policy: https://www.paypal.com/fr/webapps/mpp/ua/privacy-full

Google LLC (United States) - audience analysis via Google Analytics and email service via Gmail. Privacy policy: https://policies.google.com/privacy

Kit/ConvertKit (ConvertKit LLC, United States) - newsletter and email communication management. Privacy policy: https://convertkit.com/privacy

Meta Platforms Ireland Limited (Ireland) - communication via WhatsApp Business. Privacy policy: https://www.whatsapp.com/legal/privacy-policy

Vercel Inc. (United States) - hosting of the level quiz accessible at quiz.speakfrenchwithdamien.com. Privacy policy: https://vercel.com/legal/privacy-policy

Supabase Inc. (United States) - storage of quiz submission data (answers, results, email addresses). Privacy policy: https://supabase.com/privacy

Umami Software Inc. (United States) - audience analysis of the quiz via Umami, a cookie-free audience measurement solution that collects no personally identifiable data and carries out no data transfers to third parties for advertising purposes. Privacy policy: https://umami.is/privacy

These third-party service providers act solely on the Provider's instructions and strictly within the scope of the purposes defined in Article 2. They are not authorised to use clients' personal data for their own commercial purposes in the context of their relationship with the Provider.

The Provider does not sell, rent, assign, or communicate clients' personal data to any third party for its own commercial purposes. Any transmission of data to a third party not mentioned in this article is excluded, save where required by law or court order.

3.2 - Transfers outside the European Union

Several of the third-party service providers mentioned in Article 3.1 are established outside the European Union, in particular in the United States and Australia. These transfers are governed by the following appropriate safeguards, in accordance with Chapter V of the GDPR:

Acuity Scheduling (United States): transfer governed by standard contractual clauses approved by the European Commission and, where applicable, by the EU-US Data Privacy Framework where the service provider is certified thereunder.

Stripe, Google, ConvertKit (United States): transfers governed by standard contractual clauses approved by the European Commission and, where applicable, by the EU-US Data Privacy Framework where the service provider is certified thereunder.

Meta/WhatsApp (processing via Meta Platforms Ireland Limited, Ireland): primary processing carried out within the European Union; any transfers to the United States governed by standard contractual clauses.

Vercel, Supabase, Umami (United States): transfers governed by standard contractual clauses approved by the European Commission and, where applicable, by the EU-US Data Privacy Framework where the service provider is certified thereunder.

The Provider shall not be held liable for the data processing practices of these third-party service providers, which are governed by their respective privacy policies, the links to which are set out in Article 3.1.

Article 4 - Rights of data subjects

In accordance with Articles 15 to 22 of the GDPR, every data subject has the following rights over their personal data:

4.1 - Right of access (Article 15 GDPR)

Every data subject has the right to obtain confirmation as to whether or not personal data concerning them is being processed, and where it is, to obtain a copy thereof as well as information on the purposes of the processing, the categories of data processed, the recipients, the retention periods, and the safeguards applicable to transfers outside the EU.

4.2 - Right to rectification (Article 16 GDPR)

Every data subject has the right to obtain the rectification of inaccurate personal data concerning them, as well as the completion of incomplete data.

4.3 - Right to erasure (Article 17 GDPR)

Every data subject has the right to obtain the erasure of their personal data where it is no longer necessary for the purposes for which it was collected, where consent is withdrawn and there is no other legal basis, or where the data has been unlawfully processed.

This right does not apply where processing is necessary for compliance with a legal obligation, for the establishment, exercise, or defence of legal claims, or for the performance of a contract in progress. In particular, data retained pursuant to statutory accounting and tax retention obligations (Article 2.1) may not be subject to early erasure.

4.4 - Right to restriction of processing (Article 18 GDPR)

Every data subject has the right to obtain restriction of the processing of their data in the cases provided for by the GDPR, including where they contest the accuracy of the data, where the processing is unlawful, or where they have objected to the processing.

4.5 - Right to data portability (Article 20 GDPR)

Every data subject has the right to receive the personal data they have provided in a structured, commonly used, and machine-readable format, and to transmit it to another data controller, where the processing is based on consent or on the performance of a contract and is carried out by automated means.

4.6 - Right to object (Article 21 GDPR)

Every data subject has the right to object at any time to the processing of their data based on the Provider's legitimate interest (Article 6.1.f GDPR), on grounds relating to their particular situation. The Provider shall then cease the processing, unless it demonstrates compelling legitimate grounds which override the interests and rights of the data subject, or for the establishment, exercise, or defence of legal claims.

Every data subject has the right to object at any time to the processing of their data for direct marketing purposes, without having to provide any justification.

4.7 - Right to withdraw consent (Article 7.3 GDPR)

Where processing is based on consent, every data subject has the right to withdraw their consent at any time, without affecting the lawfulness of processing carried out prior to such withdrawal. Withdrawal of consent to the newsletter is effected via the unsubscribe link included in every email sent via Kit/ConvertKit.

4.8 - Right to define post-mortem instructions (Article 85 French Data Protection Act)

Every data subject has the right to define instructions regarding the retention, erasure, and communication of their personal data after their death, with the Provider or via a trusted digital third party.

4.9 - Exercising rights

The rights referred to in Articles 4.1 to 4.8 may be exercised at any time by email to damien@learnfrenchwithdamien.com, specifying the subject of the request and enclosing, where necessary, a copy of a proof of identity.

The Provider undertakes to respond to any request within a maximum period of one (1) month from receipt of the request. This period may be extended by a further two (2) months in the case of a complex or multiple request, the Provider informing the data subject of such extension within the one-month period.

In the event of an unsatisfactory response or no response within the prescribed period, every data subject has the right to lodge a complaint with the competent supervisory authority. In France, this is the Commission Nationale de l'Informatique et des Libertés (CNIL):

CNIL - 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07 Website: https://www.cnil.fr Telephone: +33 1 53 73 22 22

Article 5 - Data security

The Provider implements appropriate technical and organisational measures to ensure a level of security appropriate to the risk, in accordance with Article 32 of the GDPR, and to protect personal data against accidental or unlawful destruction, accidental loss, alteration, unauthorised disclosure, or access.

5.1 - Technical measures

The technical measures implemented include in particular:

exclusive use of third-party service providers with their own certifications and security measures (Acuity, Stripe, PayPal, Google, Kit/ConvertKit, Meta/WhatsApp), whose security policies are accessible via their respective privacy policies referred to in Article 3.1;

securing access to professional tools and accounts using strong passwords and, where possible, two-factor authentication (2FA);

limiting access to personal data to what is strictly necessary for the Provider's activity;

transmission of teaching materials and professional exchanges via secure channels (encrypted email, encrypted messaging).

5.2 - Organisational measures

The Provider is the sole person with access to personal data collected in the course of their activity. No collaborator, intern, or third party not mentioned in Article 3.1 has access to clients' data.

Personal data is not stored on unsecured physical media. Exchanges containing personal data are not transferred to tools or services not mentioned in this Privacy Policy without prior notification to the data subjects concerned.

5.3 - Limitation of liability in matters of security

Notwithstanding the measures implemented, no data transmission or storage system is infallible. The Provider cannot guarantee the absolute security of personal data transmitted via the internet. In the event of a personal data breach likely to result in a high risk to the rights and freedoms of data subjects, the Provider undertakes to notify the data subjects concerned without undue delay, in accordance with Article 34 of the GDPR, and to notify the CNIL within seventy-two (72) hours in accordance with Article 33 of the GDPR.

The Provider's liability may not be engaged in the event of a data breach resulting from a failure specific to the systems of the third-party service providers referred to in Article 3.1, a malicious act by a third party beyond any reasonable control of the Provider, or negligence on the part of the data subject in protecting their own access credentials and data.

Article 6 - Cookies and trackers

6.1 - Definition and nature of cookies

A cookie is a small text file placed on the user's device (computer, tablet, smartphone) when browsing the Website. Cookies enable the Website to recognise the user's device on subsequent visits and to collect information relating to their browsing activity.

The Website uses the following categories of cookies:

Strictly necessary cookies: these cookies are essential to the proper functioning of the Website and its services. They cannot be disabled. They do not collect any personally identifiable information and are not used for advertising or commercial purposes.

Analytical and audience measurement cookies: the Website uses Google Analytics to analyse audience behaviour and usage. These cookies collect anonymised browsing data (pages visited, session duration, approximate geographical origin, device type). These cookies are only placed with the user's consent where such consent is required by applicable regulations.

6.2 - Consent management

In accordance with the recommendations of the CNIL and the ePrivacy Directive (2002/58/EC), cookies that are not strictly necessary for the functioning of the Website are only placed with the user's prior consent, collected via the cookie information banner displayed on the user's first visit to the Website.

Users may modify their cookie preferences at any time via their browser settings. Disabling certain cookies may affect the proper functioning of certain Website features.

6.3 - Cookie retention periods

Google Analytics analytical cookies are retained for a maximum period of twenty-six (26) months in accordance with the recommendations of the CNIL. Strictly necessary cookies are retained for the duration of the session or for a limited period strictly necessary for their purpose.

6.4 - Refusing and objecting to cookies

Users may refuse the placement of analytical cookies in several ways:

by refusing the placement of cookies when the cookie information banner is displayed on the Website;

by configuring their browser to block or delete cookies, it being noted that this setting may affect the proper functioning of certain Website features. The main browser configuration procedures are accessible via the help menus of the relevant browsers;

by installing the Google Analytics opt-out browser add-on available at: https://tools.google.com/dlpage/gaoptout

6.5 - Third-party cookies

The Website may contain links or integrations to third-party services (including Acuity) that may place their own cookies on the user's device. The Provider exercises no control over these third-party cookies, the placement and management of which are governed by the respective privacy policies of the service providers concerned, referred to in Article 3.1.

Article 7 - Final provisions

7.1 - Updates to this Privacy Policy

The Provider reserves the right to amend this Privacy Policy at any time, in particular in order to comply with any legal, regulatory, case law, or technical developments. The applicable version is the one online at the time of consultation of the Website or booking of a service, as identified by the version number and date shown at the top of this document.

In the event of a substantial amendment affecting the rights of data subjects, the Provider undertakes to inform active clients and newsletter subscribers by email within a reasonable period before the amendments come into force. Continued use of the Website or services following notification constitutes acceptance of the amendments.

7.2 - Record of processing activities

In accordance with Article 30 of the GDPR, the Provider maintains an internal record of personal data processing activities. This record is not published but is kept available to the CNIL upon request.

7.3 - Absence of automated decision-making and profiling

The Provider does not carry out any automated decision-making or profiling within the meaning of Article 22 of the GDPR that would produce legal effects or similarly significantly affect data subjects.

7.4 - Governing law

This Privacy Policy is governed by French law and the GDPR. In the event of any dispute relating to its interpretation or application, and in the absence of an amicable resolution, the French courts shall have sole jurisdiction, subject to the mandatory provisions applicable to consumers residing in the European Union.

7.5 - Contact

For any questions relating to this Privacy Policy or the exercise of your rights, you may contact the Provider at the following address: contact@learnfrenchwithdamien.com.

The Provider undertakes to respond to any request within a maximum period of one (1) month from receipt of the request, in accordance with Article 4.9 hereof.

7.6 - Supervisory authority

Every data subject has the right to lodge a complaint with the competent supervisory authority. In France, this is the Commission Nationale de l'Informatique et des Libertés (CNIL):

CNIL - 3 Place de Fontenoy, TSA 80715, 75334 Paris Cedex 07 Website: https://www.cnil.fr Telephone: +33 1 53 73 22 22

Data subjects residing in another EU member state may also lodge a complaint with the supervisory authority of their member state of residence.