Privacy Policy

Privacy Notice
Last Updated: October 26, 2025
Website: https://www.galipeau.com

  1. Data Collection & Processing Purposes
    We collect and process personal data under strict legal bases (GDPR Article 6, CCPA), primarily for contract performance, legitimate interests, and with your consent.

Collected Data Includes:

Identity Data: Name, username, title.

Contact Data: Email address, IP address.

Technical Data: Browser type/version, time zone, operating system, device information.

Usage Data: Pages visited, time spent, navigation paths, interaction with embedded content.

Profile Data: Username, password, preferences, feedback.

Communications Data: Email correspondence, comments, inquiries.

We do not collect Special Category Data (race, ethnicity, health, etc.) unless explicitly provided by you with explicit consent for a specified purpose.

  1. Lawful Basis for Processing
    Each processing activity is grounded in one of the following:

Performance of a Contract: To administer your account and provide services.

Legitimate Interests: For website security, administration, and analytics (balanced against your rights).

Legal Obligation: To comply with applicable laws and regulations.

Consent: For non-essential cookies and specific, optional data uses, which you may withdraw at any time.

  1. Data Sharing & International Transfers
    We share data only with trusted third-party processors under strict contractual obligations (Data Processing Agreements):

Hosting Provider: Infrastructure and data storage.

Analytics Providers: (e.g., Google Analytics 4 with IP anonymization). We require their compliance with privacy shields or equivalent frameworks.

Security Services: For threat detection and DDoS protection.

Any transfer of data outside the European Economic Area (EEA) or the United Kingdom is conducted using approved safeguards, such as Standard Contractual Clauses (SCCs).

We do not sell your personal data (as defined by the CCPA/CPRA).

  1. Data Retention & Erasure
    We retain personal data only as long as necessary for its collected purpose or to meet legal obligations:

User Account Data: Retained for the duration of your account’s activity. Inactive accounts may be purged after 3 years.

Comments and Metadata: Retained indefinitely to facilitate automatic follow-up approval, unless deletion is requested.

Technical Logs: Retained for 12 months for security monitoring.

Cookies: Duration specified per cookie in our Cookie Policy (see separate notice).

You may request erasure of your data at any time, subject to legal retention requirements.

  1. Your Data Subject Rights
    Depending on your jurisdiction, you have enforceable rights, including:

Right of Access & Portability: To request a copy of your data in a structured, machine-readable format.

Right to Rectification: To correct inaccurate or incomplete data.

Right to Erasure (‘Right to be Forgotten’): To request deletion of your data.

Right to Restrict Processing: To limit how we use your data in certain circumstances.

Right to Object: To object to processing based on legitimate interests.

Right to Opt-Out: (CCPA/CPRA) From the “sale” or “sharing” of personal data.

Right to Non-Discrimination: For exercising your privacy rights.

To exercise any right, contact us at privacy [@] galipeau [dot] com. We will respond within 30 days and may request verification of your identity.

  1. Cookies & Tracking Technologies
    We employ essential and non-essential cookies. A detailed Cookie Policy is available, listing all cookies, their purpose, provider, and duration.

Essential Cookies: Required for core site functionality and security. These do not require consent.

Analytics/Performance Cookies: Help us understand site usage. These require your prior consent.

Third-Party/Embedded Content Cookies: Set by services like YouTube or Vimeo when content is embedded. Consent is managed via your interaction with the content.

Consent for non-essential cookies is collected via a clear, granular consent banner upon first visit. You can manage preferences at any time.

  1. Embedded Content & Third-Party Links
    Articles may include embedded content (videos, maps, social posts). Interacting with this content is subject to the third party’s privacy policy, over which we have no control. We recommend reviewing their policies before engagement.
  2. Security & Breach Notification
    We implement industry-standard technical and organizational measures (TOMs), including encryption (SSL/TLS), access controls, and regular security assessments. In the unlikely event of a data breach posing a high risk to your rights, we are committed to notifying you and the relevant supervisory authority without undue delay, as required by law.
  3. Automated Decision-Making & Profiling
    We do not engage in solely automated decision-making, including profiling, that produces legal or similarly significant effects concerning you.
  4. Contact & Supervisory Authority
    For all privacy-related inquiries or to exercise your rights:
    Email: privacy [@] galipeau [dot] com

You have the right to lodge a complaint with a supervisory authority, such as the:

UK: Information Commissioner’s Office (ICO)

EU: Your local member state’s Data Protection Authority (DPA)

USA: Relevant state Attorney General

  1. Policy Updates
    This notice is reviewed regularly and updated to reflect legal, technical, or operational changes. The “Last Updated” date at the top will be revised accordingly. Material changes will be communicated via the website or directly to users where appropriate.