Privacy policy
Last updated 19 May 2026.
1. Introduction
Sophryon is the research project I run as sole proprietor under French law, headquartered at Résidence Les Terrasses du Parc D, 20167 Sarrola-Carcopino. My name is Jean-Marie Bastelica.
This page explains what personal data I collect when you visit sophryon.com or email me, why I collect it, how long I keep it, and what rights you have over it. It is written to comply with the European General Data Protection Regulation (Regulation (EU) 2016/679, the GDPR) and the French Data Protection Act of 6 January 1978, as amended.
2. Data controller
I am the data controller within the meaning of article 4(7) GDPR. You can reach me at:
Jean-Marie Bastelica
Résidence Les Terrasses du Parc D
20167 Sarrola-Carcopino, France
Email: [email protected]
I have not designated a data protection officer. Sophryon does not engage in large-scale processing of personal data, nor in systematic monitoring of data subjects, so the conditions of article 37 GDPR do not apply.
3. Data collected
Browsing data (automatic). When you load a page of this site, my hosting provider Cloudflare automatically processes a few technical fields: your IP address, browser type and version, operating system, the page that referred you, and the date and time of your visit. This is the minimum needed to serve the site and protect it from abuse.
Contact data (voluntary). If you choose to write to [email protected], I receive whatever you put in the email: your address, your name if you sign it, and the content of your message.
No cookies, no tracking. Sophryon.com does not drop advertising, analytics or tracking cookies. No measurement tool, social plugin or behavioural advertising service is loaded on these pages.
4. Purposes and legal bases
| Purpose | Data | Legal basis (GDPR art. 6) |
|---|---|---|
| Delivering and securing the website | IP address, technical logs | Legitimate interest (art. 6.1.f), namely ensuring availability and protecting against attacks |
| Replying to your messages | Email address, name, message content | Consent (art. 6.1.a) — implied by your initiating contact |
| Administrative and professional follow-up | Email correspondence | Legitimate interest (art. 6.1.f), for the management of professional exchanges |
5. Retention periods
Cloudflare keeps raw technical logs for a short window, typically no more than 30 days, after which they are aggregated or deleted.
I keep email correspondence for up to three years from the date of our last exchange, in line with the CNIL guidance on B2B prospecting and professional follow-up. Past that point, I delete or anonymize old threads.
6. Recipients of data
I am the only person who handles your data on the Sophryon side. Nothing is sold, rented, or transferred to third parties for commercial purposes.
Two technical providers act on my behalf as data processors under article 28 GDPR:
- Cloudflare, Inc. (United States): website hosting and security.
- Google LLC / Google Ireland Ltd. (United States / Ireland): email service through Google Workspace for the sophryon.com domain.
7. International data transfers
Both my hosting and email providers are based in the United States. As a result, some of your data, typically your IP address and the content of any email you send me, leaves the European Economic Area.
These transfers rely on the EU-U.S. Data Privacy Framework adopted by the European Commission on 10 July 2023 (Decision (EU) 2023/1795), which recognises an adequate level of protection for data sent to U.S. organisations certified under the framework. Both Cloudflare and Google are certified. Where the framework does not apply, transfers fall back on the Standard Contractual Clauses adopted by the Commission.
8. Your rights
Articles 15 to 22 of the GDPR give you a set of rights over your personal data:
- Right of access: confirm whether your data is being processed and obtain a copy of it.
- Right to rectification: correct inaccurate or incomplete data.
- Right to erasure (also known as the "right to be forgotten"): request deletion of your data under certain conditions.
- Right to restriction of processing: limit how I use your data in specific situations.
- Right to data portability: receive your data in a structured, commonly used format.
- Right to object to processing based on legitimate interest.
- Right to withdraw consent at any time, where processing is based on consent. Withdrawal does not affect the lawfulness of prior processing.
- Right to define directives regarding the fate of your data after death, under article 85 of the French Data Protection Act.
To exercise any of these, write to [email protected]. I may ask you to confirm your identity before acting. You should get a reply within a month, as article 12.3 GDPR requires.
9. Right to lodge a complaint
If you believe I have mishandled your rights, you can file a complaint with the French Data Protection Authority:
Commission Nationale de l'Informatique et des Libertés (CNIL)
3 Place de Fontenoy, TSA 80715
75334 Paris Cedex 07, France
Website: https://www.cnil.fr
If you live in another EU Member State, your local data protection authority is also a valid option.
10. Automated decision-making
I do not run any automated decision-making, profiling, or scoring on visitors of this site within the meaning of article 22 GDPR.
11. Security
I take reasonable technical and organizational steps to protect your data: TLS encryption on all traffic, tight access control on the mailbox, and providers (Cloudflare, Google) that hold recognised security certifications. No system is perfect, but I keep the attack surface as small as I can.
12. Changes to this policy
I may update this policy from time to time, either because my practices change or because the law does. The date at the top of the page reflects the latest revision. For anything substantial, I will flag the change on the site itself.
13. Contact
Questions about this policy, or about what I hold on you: [email protected].