GDPR
GDPR Compliance
At Sofia Messara, we are committed to protecting your personal data and complying fully with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable French data laws.
This page explains how we handle data, your rights, and the third-party services we use to operate our business.
1. Data Controller
Business Status: Sole Trader / Auto-Entrepreneur
Registered In: France
Operates: Globally
Data Controller:
Sofia Messara
Email: contact@sofiamessara.com
Address: 14 rue de Rixheim 68100 Mulhouse, France
2. What Data We Collect
Depending on how you interact with us, we may collect:
Name
Email address
Contact details
Payment information (processed securely by third-party processors)
Form responses
Website analytics data
Cookies and usage data
We do not sell or trade your data.
3. Legal Basis for Processing
We process data under:
Consent (e.g., newsletter sign-ups, Typeform submissions)
Contract (e.g., coaching purchases, programme enrolments)
Legitimate interest (e.g., website analytics, business operations)
Legal obligation (e.g., tax and accounting)
4. Third-Party Services We Use
We work with trusted third-party providers who process data on our behalf.
Below are the tools we use and their respective privacy/GDPR documentation.
4.1 Website & Hosting Services
Squarespace
Used for website hosting, analytics, forms, and commerce.
Privacy Policy: https://www.squarespace.com/privacy
GDPR Information: https://www.squarespace.com/gdpr
Data Processing Addendum: https://www.squarespace.com/dpa
4.2 Data Storage & Cloud Services
Google Workspace (Email, Drive, Analytics)
Privacy Policy: https://policies.google.com/privacy
GDPR Compliance: https://privacy.google.com/businesses/gdpr/
Microsoft Cloud / OneDrive / Outlook
Privacy Policy: https://privacy.microsoft.com/privacy
GDPR Compliance: https://www.microsoft.com/trust-center/privacy/gdpr
4.3 Form Tools
Google Forms
Used for client intake and questionnaires.
Privacy Policy: https://policies.google.com/privacy
GDPR Compliance: https://privacy.google.com/businesses/gdpr/
Typeform
Used to collect responses, feedback, and application data.
Privacy Policy: https://admin.typeform.com/to/dwk6gt
GDPR Compliance: https://www.typeform.com/help/a/what-has-typeform-done-to-comply-with-gdpr-360029581691/
4.4 Payments
Stripe
Privacy Policy: https://stripe.com/privacy
GDPR Compliance: https://stripe.com/guides/general-data-protection-regulation
PayPal
Privacy Policy: https://www.paypal.com/webapps/mpp/ua/privacy-full
GDPR Compliance: https://www.paypal.com/webapps/mpp/gdpr-readiness
4.5 Marketing & Analytics
Google Analytics
Used only with anonymised IP tracking where applicable.
Privacy Policy: https://policies.google.com/privacy
GDPR Compliance: https://support.google.com/analytics/answer/6004245
Meta Pixel (Facebook/Instagram)
Used for analytics and targeted advertising.
Privacy Policy: https://www.facebook.com/privacy/policy
GDPR: https://www.facebook.com/business/gdpr
LinkedIn Insight Tag
Privacy Policy: https://www.linkedin.com/legal/privacy-policy
GDPR: https://www.linkedin.com/help/linkedin/answer/a1343197
4.6 Creative Tools
Adobe
(used for design, PDF creation and document handling)
Privacy Policy: https://www.adobe.com/privacy/policy.html
GDPR: https://www.adobe.com/privacy/eudataprivacy.html
5. Data Retention
We retain your data only for as long as necessary:
Client records: up to 7 years (legal requirement)
Newsletter and marketing data: until you unsubscribe
Analytics: according to tool retention settings
6. Your Rights
Under GDPR, you have the right to:
Access your data
Request correction
Request deletion (“right to be forgotten”)
Object to processing
Withdraw consent
Request data portability
To exercise your rights, contact us at: [insert email]
7. Cookies
Our site may use cookies for:
Performance
Analytics
Functionality
Advertising
You can manage or disable cookies through your browser settings.
8. International Transfers
Some third-party providers store data outside the EU.
We only work with companies that provide GDPR-compliant safeguards, such as:
Adequacy decisions
Standard Contractual Clauses (SCCs)
9. Security Measures
We use:
SSL encryption
Secure servers
Password-protected systems
Limited access controls
Cloud security protections
Regular updates and monitoring
10. Children
We do not knowingly collect data from individuals under 16 years old.
11. Updates
This GDPR page may be updated.
All changes will appear here.
FRENCH VERSION GDPR
At Sofia Messara, we are committed to protecting your personal data and complying with the General Data Protection Regulation (GDPR, EU 2016/679) as well as applicable French law.
1. Data Controller
Business Status: Auto-Entrepreneur
Country of Registration: France
Scope: International
Data Controller:
Sofia Messara
Email: contact@sofiamessara.com
Address: 14 rue de Rixheim 68100 Mulhouse, France
2. Data Collected
We may collect:
First and last name
Email address
Contact details
Payment information (handled by secure third parties)
Form responses
Site usage data
Cookies and analytics data
We never sell your data.
3. Legal Bases
We process your data on the basis of:
Consent
Performance of a contract
Legitimate interest
Legal obligation
4. Third-Party Providers Used
All our providers are chosen for their GDPR compliance.
4.1 Website & Hosting
Squarespace
Privacy Policy: https://www.squarespace.com/privacy
GDPR: https://www.squarespace.com/gdpr
DPA: https://www.squarespace.com/dpa
4.2 Storage & Cloud Services
Google Workspace (Mail, Drive, Analytics)
Policy: https://policies.google.com/privacy
GDPR: https://privacy.google.com/businesses/gdpr/
Microsoft Cloud / OneDrive / Outlook
Policy: https://privacy.microsoft.com/privacy
GDPR: https://www.microsoft.com/trust-center/privacy/gdpr
4.3 Form Tools
Google Forms
Policy: https://policies.google.com/privacy
GDPR: https://privacy.google.com/businesses/gdpr
Typeform
Policy: https://admin.typeform.com/to/dwk6gt
GDPR: https://www.typeform.com/help/a/what-has-typeform-done-to-comply-with-gdpr-360029581691/
4.4 Payments
Stripe
Policy: https://stripe.com/privacy
GDPR: https://stripe.com/guides/general-data-protection-regulation
PayPal
Policy: https://www.paypal.com/webapps/mpp/ua/privacy-full
GDPR: https://www.paypal.com/webapps/mpp/gdpr-readiness
4.5 Marketing & Analytics
Google Analytics
Policy: https://policies.google.com/privacy
GDPR: https://support.google.com/analytics/answer/6004245
Meta Pixel (Facebook/Instagram)
Policy: https://www.facebook.com/privacy/policy
GDPR: https://www.facebook.com/business/gdpr
LinkedIn Insight Tag
Policy: https://www.linkedin.com/legal/privacy-policy
GDPR: https://www.linkedin.com/help/linkedin/answer/a1343197
4.6 Creative Tools
Adobe
Policy: https://www.adobe.com/privacy/policy.html
GDPR: https://www.adobe.com/privacy/eudataprivacy.html
5. Retention Period
Client records: up to 7 years
Marketing: until you unsubscribe
Analytics: according to the services' settings
6. Your Rights
You may request:
Access
Rectification
Erasure
Restriction
Portability
Withdrawal of consent
Contact: contact@sofiamessara.com
7. Cookies
Our site uses cookies for:
Performance
Analytics
Functionality
Advertising
You can disable them through your browser settings.
8. International Transfers
Some providers store data outside the EU.
We only use services that offer GDPR-compliant clauses.
9. Security
We use:
SSL
Secure storage
Protected passwords
Restricted access
Secure cloud solutions
10. Children
We do not collect data from children under 16 years of age.
11. Updates
This page may be modified.
Updates will be published here.