copywritingrock (13 Allee de la Civeliere, 44200 Nantes, France) is the data controller for personal data collected through copywritingrock.com. This policy describes how we collect, use and protect your data under Regulation (EU) 2016/679 (GDPR) and the French Data Protection Act (Loi Informatique et Libertes).
Data we collect
When you contact us or place an order we collect your name, email address, phone number and country. Payment processing is handled by Stripe. We do not store card data. Project briefs and source documents are treated as confidential and deleted 90 days after project completion unless otherwise agreed.
Legal bases
We process data under contract performance (Art. 6(1)(b) GDPR) when delivering ordered services; legitimate interests (Art. 6(1)(f) GDPR) when responding to enquiries; legal obligation (Art. 6(1)(c) GDPR) for accounting records required under French law; and consent (Art. 6(1)(a) GDPR) for optional analytics.
Data retention
Order records are kept for 10 years to meet French accounting obligations (Code de commerce). Enquiry data from non-clients is deleted after 3 years of inactivity. Project materials are deleted 90 days after delivery unless retention is agreed.
Data sharing
We share data only with Stripe (payment processing) and EU-based hosting infrastructure. We do not sell data or share it with advertisers.
Your rights
Under GDPR and French law you have the right to access, rectify, erase, restrict or port your data, and to object to processing. Write to hello@copywritingrock.com. You may also complain to the CNIL at cnil.fr.