Privacy Policy

Last updated: March 2025. This policy explains how CMOblueprint collects, uses, and protects your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable French law.

1. Data Controller

29 Mountains SASU
32 Chemin des Mignotteries, 78620 L'Étang-la-Ville, France
Email: alex@cmoblueprint.co

2. Data We Collect

We collect personal data through the following channels:

• Meeting booking (Cal.eu): Name, email address, and any information you provide when scheduling a call. This is processed by Cal.eu on our behalf.
• Newsletter (Substack): Email address when you subscribe to our newsletter. This is processed by Substack, Inc.
• Direct contact: Name, email address, and the content of any message you send us directly.
• Website usage: Essential technical data to ensure the site functions correctly (see our Cookie Policy).

3. Purpose and Legal Basis

We process your data for the following purposes:

• Scheduling and conducting calls: Legal basis — performance of a pre-contractual measure (GDPR Art. 6.1.b).
• Sending our newsletter: Legal basis — your explicit consent (GDPR Art. 6.1.a). You may withdraw consent at any time.
• Responding to enquiries: Legal basis — legitimate interest in conducting our business (GDPR Art. 6.1.f).

4. Data Retention

• Meeting data: Retained for the duration required by Cal.eu's data processing agreement, typically 12 months after the last interaction.
• Direct contact / enquiries: Retained for up to 3 years from the date of your last contact.
• Newsletter subscriptions: Retained until you unsubscribe or withdraw consent.

5. Data Sharing

We do not sell, rent, or trade your personal data to third parties. We share data only with the following service processors, strictly to provide our services:

• Cal.eu — meeting scheduling platform
• Substack, Inc. — newsletter platform
• Netlify, Inc. — website hosting

Each processor has entered into appropriate data processing agreements and maintains adequate data protection standards.

6. International Transfers

Some of our processors are based in the United States. Where data is transferred outside the European Economic Area, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

7. Your Rights

Under the GDPR, you have the following rights regarding your personal data:

• Right of access — you may request a copy of the data we hold about you.
• Right to rectification — you may request correction of inaccurate data.
• Right to erasure — you may request deletion of your data in certain circumstances.
• Right to data portability — you may request your data in a structured, machine-readable format.
• Right to object — you may object to processing based on legitimate interests.
• Right to withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting prior processing.

To exercise any of these rights, please contact us at alex@cmoblueprint.co. We will respond within 30 days.

8. Right to Lodge a Complaint

If you believe your rights have been violated, you have the right to lodge a complaint with the French data protection authority (CNIL) at www.cnil.fr.

9. Changes to This Policy

We may update this Privacy Policy from time to time. Any changes will be posted on this page with an updated date. We encourage you to review it periodically.

10. Contact

For any questions about this Privacy Policy or our data practices, please contact us at alex@cmoblueprint.co.