Aller au contenu principal
Tattoo Moi Studio

Privacy Policy (GDPR)

Protection of your personal data

Last updated: October 11, 2025

Introduction

Tattoo Moi Studio is committed to protecting the privacy of its users and ensuring the security of their personal data in accordance with the General Data Protection Regulation (GDPR) and French "Data Protection and Freedom" law.

This privacy policy informs you about how we collect, use, store, and protect your personal data when you use our website and services.

1. Data Controller

Company name: SULTAN SIMON

Address: 7 Av. Christian Doppler Bat B, 77700 Serris, France

Email: contact@tattoomoi.studio

2. Personal Data Collected

We only collect data necessary for managing your tattoo request and communicating with you.

Data collected through contact and request forms:

  • Identity: First name, Last name
  • Contact details: Email, Phone
  • Project information: Body area, desired size, estimated budget, availability
  • Artistic inspiration: URL to reference images, project description
  • Discovery source: How you found out about the studio (optional)

Important: We do NOT collect ANY sensitive data related to health, political opinions, religion, or sexual orientation.

3. Processing Purposes

Your personal data is collected and processed for the following purposes:

  • Tattoo request management: Process your request, schedule appointments, realize your tattoo project
  • Communication: Answer your questions, keep you informed about your project progress
  • Artistic creation: Understand your expectations and create a personalized design
  • Legal obligations: Retention of accounting and contractual data (invoices, quotes)

4. Legal Basis for Processing

The processing of your data is based on the following legal grounds:

  • Consent: You consent to the processing of your data by filling out and submitting our forms
  • Contract execution: Processing is necessary for the realization of your tattoo project
  • Legal obligation: Retention of accounting data in accordance with French legal obligations

5. Data Recipients

Your personal data is accessible only to the following persons:

  • Internal team: Tattoo artists and administrative staff of Tattoo Moi Studio within the strict scope of their duties
  • Technical service providers:
    • Web hosting: Cloudflare Pages (United States) - Website hosting
    • Email service: Resend or equivalent - Sending notifications
    • Image storage: Cloudinary - Secure portfolio image hosting
    • Content Delivery Network (CDN): Cloudflare - Performance optimization and site security

Important: We do not sell, rent, or share your data with third parties for commercial or marketing purposes.

6. International Data Transfers

Some of our service providers (Cloudflare, Cloudinary) may be located outside the European Union. These transfers are secured by:

  • Standard Contractual Clauses (SCC) approved by the European Commission
  • GDPR compliance guarantees
  • Security certifications (ISO 27001, SOC 2)

7. Retention Period

Your data is retained for the following periods:

  • Project requests: 3 years from your last contact, unless you become a client
  • Clients: 10 years in accordance with French accounting and tax obligations
  • Uploaded images (inspiration): Deleted immediately after project completion or upon request

At the end of these periods, your data is permanently deleted from our systems.

8. Data Security

We implement technical and organizational measures to protect your data:

  • Encryption: HTTPS/SSL for all communications, encryption of sensitive data in database
  • Secure authentication: Admin access protected by hashed password (bcrypt)
  • Secure hosting: Certified Cloudflare infrastructure monitored 24/7
  • Access limitations: Only authorized persons can access your data
  • Backups: Regular backups on MongoDB Atlas with encryption

9. Your Rights

In accordance with the GDPR, you have the following rights regarding your personal data:

Right of access

You can request to view the data we hold about you.

Right to rectification

You can request correction of inaccurate or incomplete data.

Right to erasure ("right to be forgotten")

You can request deletion of your data, except for legal retention obligations.

Right to restriction of processing

You can request temporary freezing of your data.

Right to data portability

You can retrieve your data in a structured and readable format.

Right to object

You can object to the processing of your data for legitimate reasons.

Right to withdraw consent

You can withdraw your consent at any time.

How to exercise your rights?
To exercise any of these rights, send us an email at <email/>.
We commit to responding within a maximum period of one month.

Security note: Proof of identity may be requested to ensure the security of your data.

10. Right to Lodge a Complaint

If you believe your rights are not being respected, you can lodge a complaint with the CNIL (French Data Protection Authority):

CNIL
3 Place de Fontenoy
TSA 80715 - 75334 PARIS CEDEX 07
Phone: 01 53 73 22 22
Website: www.cnil.fr

11. Policy Modifications

We reserve the right to modify this privacy policy at any time to reflect legal, technical, or service developments.

Any modification will be published on this page with an update date.

We encourage you to regularly consult this page to stay informed.

12. Contact

For any questions regarding this privacy policy or the use of your personal data, you can contact us:

By email: contact@tattoomoi.studio

By mail: Tattoo Moi Studio, 7 Av. Christian Doppler Bat B, 77700 Serris, France