Privacy Policy

1. Scope and the GDPR (RGPD)

This policy describes how CGT Studio (“we”, “us”) processes personal data when you use the website cgtstudio.com and related online features. We process personal data in accordance with the General Data Protection Regulation (EU) 2016/679 (“GDPR”) and applicable EU/EEA and UK data-protection law. If you are in the European Economic Area, the United Kingdom, or Switzerland, the rights and obligations below apply to you unless a stricter local rule applies.

2. Data controller

The data controller is CGT Studio. You may request the identity and contact details of the controller, and any EU representative (if appointed), via our contact page.

3. Categories of data we collect

Data you provide: for example name, email address, subject line, and message content when you use the contact form.

Technical and usage data: information that browsers and our hosting stack typically send or generate (for example IP address in server logs, approximate location derived from network data, user agent, date/time of access, and pages viewed). We use Vercel Web Analytics on this site to understand aggregate traffic (see section 6).

We do not use the data collected on this website to make solely automated decisions that produce legal or similarly significant effects about you.

4. Purposes and legal bases (GDPR Article 6)

We process personal data only where a legal basis applies, in particular:

• Performance of a contract or pre-contractual steps — handling your contact request when you ask us to respond (Article 6(1)(b) GDPR).
• Legitimate interests — operating, securing, and improving the website; measuring aggregated audience; preventing abuse and spam (Article 6(1)(f) GDPR). Where required, we balance these interests against your rights.
• Legal obligation — where we must retain or disclose data to comply with applicable law (Article 6(1)(c) GDPR).
• Consent — where we rely on consent (for example for non-essential cookies or similar technologies, if we use them), we will ask separately and you may withdraw consent at any time (Article 6(1)(a) GDPR).

5. Hosting and subcontractors

Hosting and edge infrastructure. The site is hosted and delivered by Vercel Inc. (vercel.com), which processes personal data on our instructions as a processor (e.g. HTTP requests, logs, security and performance features). Vercel’s documentation and data-processing terms describe how they safeguard data, including transfers outside the EEA using appropriate safeguards (such as Standard Contractual Clauses or other mechanisms recognised under Chapter V GDPR).

Contact form delivery. Messages you send via our contact form may be transmitted to Discord (webhook) so our team can read and reply. Discord Inc. may process related technical data (including metadata) under its own terms and privacy notice. Where data is transferred outside the EEA, we rely on appropriate safeguards required by the GDPR.

We do not sell your personal data. We may disclose data if the law requires it, or to establish or defend legal claims.

6. Cookies and analytics

This site loads Vercel Web Analytics (/_vercel/insights/script.js) to collect privacy-oriented, aggregate usage metrics. You can use your browser settings to block scripts or storage; blocking may affect how reliably some features work.

We may still use strictly necessary techniques (for example to remember essential preferences or to secure the service). For any optional, non-essential cookies or trackers, we will describe them and, where required, ask for your consent before placing them.

7. Retention

We keep personal data only as long as needed for the purposes above: for example, contact messages for the time required to respond and handle follow-up, and server or analytics data according to our providers’ retention settings and our security needs, unless a longer period is required by law.

8. International transfers

Data may be processed in countries outside your own, including the United States, where some providers are established. If so, we implement safeguards under the GDPR (such as Standard Contractual Clauses approved by the European Commission, supplementary measures where appropriate, or other valid tools).

9. Your rights under the GDPR

Subject to conditions in the GDPR, you may have the right to:

• access your personal data and obtain a copy;
• rectify inaccurate data;
• request erasure (“right to be forgotten”) in certain cases;
• restrict processing in certain cases;
• data portability for data you provided, where processing is based on contract or consent and carried out by automated means;
• object to processing based on legitimate interests or for direct marketing;
• withdraw consent at any time, where processing is based on consent, without affecting earlier processing;
• lodge a complaint with a supervisory authority. In France, this is the CNIL (cnil.fr).

To exercise your rights, use our contact page. We may need to verify your identity before fulfilling certain requests.

10. Security

We take appropriate technical and organisational measures to protect personal data against unauthorised access, alteration, disclosure, or destruction. No method of transmission over the Internet is fully secure; we encourage you to use secure channels when sending sensitive information.

11. Children

This website is not directed at children. If you believe we have collected data from a child without proper authority, please contact us and we will take appropriate steps.

12. Changes to this policy

We may update this policy to reflect legal, technical, or organisational changes. The “Last updated” date at the top will be revised when we do. Material changes may be highlighted on the site where appropriate.

13. Contact

For any question about this policy or our processing of personal data, please use our contact page.