Privacy Policy

Article 1: Preamble

The purpose of this privacy policy is to inform the users of the website about:

  • How their personal data is collected. Personal data is considered any information that allows the identification of a user. This may include: their first and last names, age, postal or email address, location, or IP address (non-exhaustive list);
  • The rights they have regarding this data;
  • The person responsible for processing the collected personal data;
  • The recipients of this personal data;
  • The website’s policy regarding cookies.

This policy complements the legal notices available to users at the following addresses:

Article 2: Principles Regarding the Collection and Processing of Personal Data

In accordance with Article 5 of the European Regulation 2016/679 (GDPR), personal data is:

  • Processed lawfully, fairly, and transparently concerning the data subject;
  • Collected for specific, explicit, and legitimate purposes (see Article 3.1 below) and not further processed in a manner incompatible with those purposes;
  • Adequate, relevant, and limited to what is necessary for the purposes for which they are processed;
  • Accurate and, where necessary, kept up to date. All reasonable steps must be taken to erase or correct personal data that is inaccurate in relation to the purposes for which it is processed without delay;
  • Kept in a form that allows identification of data subjects for no longer than necessary for the purposes for which the data is processed;
  • Processed in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction, or damage, using appropriate technical or organizational measures.

Processing is lawful only if, and to the extent that, at least one of the following conditions is met:

  • The data subject has consented to the processing of their personal data for one or more specific purposes;
  • Processing is necessary for the performance of a contract to which the data subject is a party, or to take steps at their request prior to entering into a contract;
  • Processing is necessary for compliance with a legal obligation to which the data controller is subject;
  • Processing is necessary to protect the vital interests of the data subject or another natural person;
  • Processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
  • Processing is necessary for the purposes of legitimate interests pursued by the controller or a third party, unless overridden by the interests or fundamental rights and freedoms of the data subject, especially when the data subject is a child.

Article 3: Personal Data Collected and Processed While Browsing the Site

3.1 Data Collected

The personal data collected in the context of our activity includes:

  • First and last name
  • Email address
  • Phone number
  • Postal address (for orders or deliveries)
  • Payment information (via a secure platform)

The collection and processing of this data serves the following purposes:

  • Lessons management
  • Customer account management
  • Monitoring service quality
  • Sending newsletters

3.2 Data Collection Methods

When you use our website, the following data is automatically collected:

  • User’s IP address
  • Browser type
  • Operating system
  • Pages visited and duration of visit
  • Date and time of visit
  • Referring URL
  • Approximate location (based on IP address)
  • Cookie-related information (see our cookie policy)

Additional personal data is collected when you perform the following actions on the platform:

Contact Form

  • Data collected: full name, email address, phone number, nationality, message
  • Purpose: to respond to your inquiries and contact you if necessary.

Registration Form

  • Data collected: title, full name, email address, phone number, date of birth, address
  • Purpose: to register you for the course(s) you request to book with CLE.

Newsletter Subscription

  • Data collected: email address
  • Purpose: sending information, offers, and promotional content (with the option to unsubscribe at any time).

Data is retained by the controller under reasonable security conditions for a period of 13 months from the time it is stored on your device.
The company may retain certain personal data beyond these periods to fulfill its legal or regulatory obligations.

3.3 Data Hosting

International Data Transfers

This website is hosted by Webflow, Inc., located at 398 11th Street, 2nd Floor, San Francisco, CA 94103, USA ("Webflow"). Webflow provides the hosting infrastructure, content delivery, and form submission processing for this website using Amazon Web Services (AWS) and Fastly. As a result, personal data collected through this website — including data submitted through forms, IP addresses logged during your visit, and any other information processed in connection with your use of this site — may be transferred to and stored on servers located in the United States.

Legal Basis for Data Transfers

We rely on the following mechanisms to ensure that your personal data receives an adequate level of protection when transferred outside the European Economic Area (EEA), the United Kingdom, or Switzerland:

EU-U.S. Data Privacy Framework (DPF). Webflow is certified under the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework, as administered by the U.S. Department of Commerce. This certification means Webflow has committed to adhere to the DPF Principles with regard to personal data received from the EU, UK, and Switzerland. The European Commission adopted its adequacy decision for the DPF on July 10, 2023 (Commission Implementing Decision (EU) 2023/1795), recognising the United States as providing an adequate level of protection for personal data transferred to DPF-certified organisations. You can verify Webflow's active certification status at dataprivacyframework.gov.

Standard Contractual Clauses (SCCs). In addition to the DPF, we have entered into a Data Processing Addendum (DPA) with Webflow that incorporates the EU Standard Contractual Clauses adopted by the European Commission (Commission Implementing Decision (EU) 2021/914) and the UK International Data Transfer Agreement. These contractual safeguards provide an additional layer of protection for your personal data in the event the DPF adequacy decision is modified, suspended, or invalidated.

Data Processing Agreement

We have executed a Data Processing Addendum with Webflow in accordance with Article 28 of the GDPR. This agreement governs Webflow's processing of personal data on our behalf, including the categories of data processed, the purposes and duration of processing, and the technical and organisational security measures Webflow maintains. Webflow holds SOC 2 Type II certification and ISO/IEC 27001:2022 certification, and encrypts all data in transit and at rest.

Sub-processors

Webflow engages a number of sub-processors to provide its services. These sub-processors are located primarily in the United States and are contractually bound to provide the same level of data protection required under the GDPR and the Data Privacy Framework. A current list of Webflow's sub-processors is available at webflow.com/legal/subprocessors.

Additional Third-Party Services

In addition to Webflow, this website uses the following third-party services that may process personal data outside the EEA:

  • [Google Analytics] — [Website analytics] — United States — [DPF / SCCs]
  • [Cloudflare] — [Registration / Security] — United States — [DPF / SCCs]

We have entered into appropriate data processing agreements with each of these providers and verified their compliance with applicable data transfer requirements.

Article 4: Data Controller and Data Protection Officer

4.1 Data Controller

CLE, registration number Siret: 33262677900034, is the data controller for personal data collected through this website. Webflow acts as a data processor on our behalf, processing personal data only in accordance with our instructions and applicable data protection law.

The data controller can be contacted as follows:

  • By address: 44 rue Bernard Palissy
    37000 Tours, FRANCE
  • By phone: +33 2 47 64 06 19
  • By email: contact@cle.fr

4.2 Data Protection Officer (DPO)

The company’s DPO is:

  • Name: Céline Sortais
  • Address: 44 rue Bernard Palissy 37000 Tours, FRANCE
  • Phone: +33 2 47 64 06 19
  • Email: contact@cle.fr

If, after contacting us, you believe that your “Informatique et Libertés” rights are not respected, you may file a complaint with the CNIL (Commission Nationale de l’Informatique et des Libertés): www.cnil.fr

Article 5: User Rights Regarding the Collection and Processing of Data

Any user whose personal data is processed has the following rights under GDPR (Regulation 2016/679) and the French Data Protection Act (Law 78-17 of January 6, 1978):

  • Right of access, rectification, and erasure of data (Articles 15, 16, 17 GDPR)
  • Right to data portability (Article 20 GDPR)
  • Right to restriction (Article 18 GDPR) and objection to processing (Article 21 GDPR)
  • Right not to be subject to decisions based solely on automated processing
  • Right to determine the fate of data after death
  • Right to contact the competent supervisory authority (Article 77 GDPR)

To exercise your rights, please write to Céline Sortais at CLE or by email at contact@cle.fr.

To fulfill your request, the data controller may require certain information such as your name, email address, and account or subscription number. For more information about your rights, consult www.cnil.fr.

Article 6: Conditions for Modifying the Privacy Policy

The publisher of cle.fr reserves the right to modify this policy at any time to ensure compliance with applicable law.

Any modifications will not affect purchases made on the site, which remain subject to the policy in effect at the time of purchase and accepted by the user at checkout.

Users are invited to review this policy each time they use our services.

Last updated: 2026-15-04