Privacy Policy

# PRIVACY POLICY — PART 1

Introduction, Scope & Identity of the Controller

1.1 Purpose of this Privacy Policy

This Privacy Policy explains how personal data is collected, used, stored, protected, and shared in connection with MaditSpirit Publisher, a software platform accessible at:

https://publisher.maditspirit.com

(the “Platform”).

The Platform is a cloud-based software service that enables Publishers to:

  • upload video files in MP4 format,
  • add associated text descriptions, and
  • publish or distribute such content across supported third-party social media platforms through technical integrations.

Because the Platform processes certain categories of personal and technical data, this Privacy Policy is provided in accordance with:

  • the General Data Protection Regulation (GDPR – EU 2016/679),
  • applicable French data protection laws, and
  • relevant European privacy and electronic communications regulations.

By accessing or using the Platform, creating an account, or connecting third-party services, you acknowledge that you have read and understood this Privacy Policy.

1.2 Scope of Application

This Privacy Policy applies to:

  • all Users and Publishers accessing or using the Platform,
  • all pages, services, features, and integrations available on

publisher.maditspirit.com, and

  • any data processing activities strictly necessary for the operation,

security, and administration of the Platform.

The Policy covers data processed:

  • during account creation and authentication,
  • when uploading or distributing Content,
  • when connecting third-party social media accounts, and
  • through technical logs, security monitoring, or infrastructure operation.

This Privacy Policy does not govern:

  • third-party social media platforms themselves, or
  • external services operating under their own independent privacy policies.

Users are encouraged to review the privacy documentation of any connected third-party service.

1.3 Worldwide Availability and Regulatory Framework

The Platform is designed for global accessibility and may be used by individuals or entities located in multiple jurisdictions.

However:

  • the Platform is operated from the European Union,
  • its primary legal framework is based on GDPR and French law, and
  • data protection safeguards are implemented to meet European regulatory standards, even where Users are located outside the EU.

Where mandatory local data protection laws apply in a User’s country of residence, such provisions remain unaffected.

1.4 Identity of the Data Controller

For the purposes of applicable data protection legislation, the data controller responsible for processing personal data in connection with the Platform is:

EV-Adworks determines:

  • the purposes of data processing, and
  • the means used to operate, secure, and maintain the Platform.

Certain technical operations may involve trusted service providers acting as data processors under contractual data-protection obligations compliant with GDPR.

1.5 Core Privacy Principles

The Platform is designed according to the fundamental GDPR principles of:

  • lawfulness, fairness, and transparency,
  • purpose limitation,
  • data minimization,
  • accuracy,
  • storage limitation,
  • integrity and confidentiality, and
  • accountability.

Only data strictly necessary for operating the Platform, ensuring security, and complying with legal obligations is processed.

The Platform does not intentionally collect sensitive personal data within the meaning of Article 9 GDPR.

# PRIVACY POLICY — PART 2

Categories of Personal Data Collected

2.1 Principle of Data Minimization

The Platform is designed to collect and process only the personal data strictly necessary to:

  • operate the Service,
  • ensure technical functionality and security,
  • enable content distribution to third-party platforms, and
  • comply with applicable legal obligations.

No unnecessary or excessive personal data is intentionally collected.

The Platform does not knowingly collect sensitive personal data within the meaning of Article 9 of the GDPR (such as health data, biometric data, religious beliefs, or political opinions).

2.2 Account and Identification Data

When a User creates an account on the Platform, the following data may be collected:

  • email address,
  • encrypted authentication credentials (password hash or equivalent security mechanism),
  • internal account identifier, and
  • basic account status or security metadata.

This data is required to:

  • authenticate Users,
  • secure access to the Platform, and
  • manage account-level permissions and security controls.

2.3 Content and Publication-Related Data

When a Publisher uses the Platform to upload and distribute Content, the Platform may process:

  • uploaded video files in MP4 format,
  • associated text descriptions or metadata,
  • technical identifiers linked to the upload (file size, checksum, integrity status, timestamps), and
  • publication parameters related to distribution across connected platforms.

Such data is processed solely for technical distribution purposes and not for editorial analysis or content monitoring, except where required for:

  • security,
  • legal compliance, or
  • abuse prevention.

2.4 Connected Social Account Data

To enable multi-platform publishing, Publishers may connect third-party social media accounts via official authorization mechanisms (such as OAuth).

In this context, the Platform may process:

  • authorization tokens and refresh tokens,
  • account identifiers provided by the third-party platform,
  • limited technical metadata required for publication, and
  • connection status or permission scope.

The Platform does not access private messages, personal profiles, or unrelated data from third-party social accounts beyond what is strictly necessary to perform publication actions initiated by the Publisher.

2.5 Technical, Log, and Security Data

For infrastructure operation, fraud prevention, and service integrity, the Platform may automatically process:

  • IP address and network information,
  • device or browser characteristics,
  • timestamps of access, login, upload, and publication events,
  • error logs, audit logs, and security-related events, and
  • rate-limiting or anti-abuse indicators.

This processing is strictly limited to:

  • ensuring platform stability and security,
  • detecting fraudulent or abusive activity, and
  • maintaining legal compliance and traceability.

2.6 Payment and Billing Data

Where paid Subscription Plans are introduced or used, certain billing-related data may be processed, including:

  • transaction identifiers,
  • subscription status,
  • billing country or tax-related information, and
  • limited metadata required for accounting compliance.

Full payment credentials are never stored by the Operator and are processed exclusively by independent third-party payment providers (such as Mollie) operating under their own security and compliance frameworks.

2.7 Data Obtained from Third Parties

Certain limited data may be received from:

  • connected social media platforms (via OAuth authorization), and
  • payment service providers (transaction confirmation or status).

Such data is restricted to what is strictly necessary to:

  • perform the requested Service,
  • confirm payment status, or
  • enable technical publication actions.

2.8 Absence of Special Categories of Data

The Platform is not intended for medical, biometric, or behavioral profiling purposes.

Accordingly:

  • no health-related data is requested or processed,
  • no psychological or biometric analysis is performed, and
  • no sensitive profiling is conducted.

Any personal data voluntarily included by a User inside uploaded Content remains solely under the responsibility of the Publisher and is not processed as structured personal data by the Operator.

3.1 Account Authentication and Management

Personal data is processed to:

  • create and maintain User accounts,
  • enable secure authentication and login,
  • manage permissions, access control, and account security.

This processing is necessary for the performance of a contract

in accordance with Article 6(1)(b) GDPR.

Without such processing, access to the Platform cannot be provided.

3.2 Provision of the Publishing Service

Personal and technical data is processed to:

  • enable the upload of MP4 video files,
  • ensure temporary storage and technical processing,
  • execute distribution or publication to connected third-party platforms, and
  • maintain the operational integrity of the Service.

This processing is strictly necessary for contractual performance

under Article 6(1)(b) GDPR.

3.3 Security, Integrity, and Abuse Prevention

Certain technical and log-related data is processed in order to:

  • detect fraudulent, abusive, or unauthorized activity,
  • ensure infrastructure stability and service integrity,
  • apply rate-limiting, monitoring, and audit controls, and
  • protect the Platform, Users, and connected third-party services.

This processing is based on the Operator’s legitimate interest

in maintaining a secure and reliable service, pursuant to

Article 6(1)(f) GDPR.

Such interests are carefully balanced against Users’ rights and freedoms.

3.4 User Support and Service Communications

Personal data may be processed when Users:

  • contact support,
  • request assistance, or
  • interact with service-related communications.

This processing is based on:

  • contract necessity where support is required to provide the Service, and
  • the Operator’s legitimate interest in ensuring proper service operation

and communication with Users, under Article 6(1)(f) GDPR.

3.5 Payments, Billing, and Legal Compliance

Where paid Subscription Plans apply, personal and transactional data may be processed to:

  • manage billing and subscription status,
  • comply with accounting, tax, and financial regulations, and
  • retain legally required financial records.

This processing is based on:

  • contract necessity (Article 6(1)(b) GDPR), and
  • legal obligation (Article 6(1)(c) GDPR).

3.6 Essential Service Communications

The Operator may send non-marketing service communications, including:

  • security notifications,
  • technical or operational updates,
  • legal notices or Terms modifications, and
  • billing-related information.

Such communications are processed on the basis of:

  • contract necessity, and
  • the Operator’s legitimate interest in maintaining service continuity

and legal compliance (Article 6(1)(f) GDPR).

These communications do not constitute marketing.

3.7 Future Marketing Communications

The Platform does not currently send marketing or promotional communications.

However, limited marketing communications may be introduced in the future,

and would in such case rely exclusively on:

  • the User’s explicit consent, in accordance with

Article 6(1)(a) GDPR, and

  • applicable EU e-privacy rules.

Users would retain the right to withdraw consent at any time.

3.8 Absence of Automated Decision-Making

The Platform does not perform automated decision-making producing legal or similarly significant effects within the meaning of Article 22 GDPR.

In particular:

  • no automated profiling is conducted,
  • no behavioral scoring is applied, and
  • no decisions affecting Users’ legal rights are taken solely by automated means.

# 4. Data Sharing, Sub-Processors & International Transfers

4.1 No Sale or Advertising Use of Data

Personal data collected through publisher.maditspirit.com is never sold, rented, or shared for advertising purposes.

Data is processed strictly for:

  • providing access to the Publisher platform,
  • enabling multi-platform video publishing,
  • ensuring security, legal compliance, and service continuity.

At no time is user data commercialized to third parties.

4.2 Hosting Infrastructure and Technical Sub-Processors

The technical infrastructure of the Publisher platform relies on trusted providers located primarily within the European Union.

Current core processors include:

  • Hetzner (EU) for primary server hosting and infrastructure,
  • Cloudflare R2 for secure storage and delivery of uploaded media files.

These providers process data solely on documented instructions and in accordance with applicable data-protection regulations, including the GDPR where applicable.

4.3 Payment Processing

All payments are handled through Mollie, a regulated payment service provider based in the European Union.

Publisher does not store full payment details such as complete card numbers.

Payment data is processed directly by Mollie in accordance with its own:

  • security standards,
  • regulatory obligations,
  • privacy policy.

4.4 Connected Social Media Platforms

When a Publisher connects third-party social accounts (such as TikTok, Instagram, Facebook, or YouTube), those platforms act as independent data controllers governed by their own privacy policies and legal terms.

In this context:

  • Publisher only accesses the minimum technical data required to enable content publication,
  • the Publisher user remains fully responsible for their connected social accounts,
  • Publisher does not control how those external platforms process personal data.

Users are encouraged to review the privacy policies of each connected platform before linking their accounts.

4.5 International Data Transfers

Certain infrastructure components or connected platforms may involve data transfers outside the European Union, particularly:

  • global cloud infrastructure services,
  • U.S.-based social media platforms.

Where such transfers occur, they are safeguarded through recognized legal mechanisms, which may include:

  • Standard Contractual Clauses (SCCs) approved by the European Commission,
  • equivalent legal safeguards ensuring an adequate level of protection,
  • participation in recognized frameworks such as the EU-U.S. Data Privacy Framework, where applicable.

4.6 Restricted Internal Access

Access to personal data within Publisher is strictly limited to:

  • authorized personnel,
  • contractors bound by confidentiality obligations,
  • operational needs related to security, maintenance, or support.

No internal access is granted without a legitimate operational justification.

4.7 Legal Disclosure Requirements

Personal data may be disclosed only when legally required, including:

  • compliance with applicable laws or regulations,
  • lawful requests from courts or competent public authorities,
  • protection of Publisher’s legal rights,
  • fraud prevention, abuse detection, or platform security.

Such disclosure is always limited to what is strictly necessary and legally justified.

# 5. Data Retention

5.1 Retention During Active Account

Personal and technical data relating to a Publisher account are retained for the entire duration in which the account remains active, and only to the extent necessary to:

  • provide and operate the Service,
  • maintain security and integrity of the Platform, and
  • comply with applicable legal and regulatory obligations.

5.2 Retention After Account Deletion

Following deletion or closure of a Publisher account, certain data may be retained for a limited period of twelve (12) months where strictly necessary to:

  • comply with legal or regulatory obligations,
  • prevent fraud, abuse, or security incidents, or
  • establish, exercise, or defend legal claims.

After this period, retained data are permanently deleted or irreversibly anonymized, unless a longer retention period is required by law.

5.3 Technical and Security Logs

Routine technical or security logs are not retained beyond what is strictly necessary for the operation and protection of the Service.

Where logging is required for incident response, fraud prevention, or legal compliance, retention is limited to the shortest operationally necessary duration.

5.4 Billing and Accounting Data

Where applicable, billing and accounting information is retained for the legally required duration under European Union and French accounting regulations, typically up to ten (10) years.

Such retention is strictly limited to compliance with mandatory legal obligations.

5.5 Uploaded Media and Temporary Storage

Video files (MP4) uploaded to the Platform are stored only for temporary technical processing purposes.

Unless otherwise required for legal, security, or operational reasons, uploaded media are automatically deleted within twenty-four (24) hours after processing or publication.

Publishers remain solely responsible for maintaining their own backups of submitted Content.

5.6 Inactive Accounts

Publisher accounts are not automatically deleted solely due to inactivity.

Data remain retained under the same conditions as active accounts unless the User requests deletion or termination in accordance with these Terms.

5.7 System Backups

Encrypted system backups may be retained for a maximum period of seven (7) days for disaster-recovery and security purposes only.

Backups are automatically overwritten or securely deleted after this period.

# 6. User Rights Under Data Protection Law

6.1 Scope of Applicable Rights

In accordance with the General Data Protection Regulation (GDPR) and applicable European data protection laws, Publishers have specific rights regarding the personal data processed through the Platform.

These rights apply to personal data processed by the Operator in its capacity as data controller, as described in this Privacy Policy.

6.2 Right of Access

Publishers have the right to obtain confirmation as to whether their personal data is being processed and, where that is the case, to request:

  • access to the personal data concerned,
  • information about the purposes of processing,
  • categories of data involved,
  • recipients or categories of recipients, and
  • the envisaged retention period or applicable criteria.

6.3 Right to Rectification

Publishers may request the correction of inaccurate or incomplete personal data concerning them without undue delay.

6.4 Right to Erasure (“Right to be Forgotten”)

Publishers may request deletion of their personal data where:

  • the data is no longer necessary for the purposes for which it was collected,
  • consent is withdrawn and no other legal basis applies,
  • the data has been unlawfully processed, or
  • erasure is required to comply with a legal obligation.

This right is subject to legal retention requirements and legitimate grounds for continued processing, including fraud prevention, security, or legal defense.

6.5 Right to Restriction of Processing

Publishers may request restriction of processing where:

  • the accuracy of the data is contested,
  • processing is unlawful but erasure is opposed,
  • the data is required for legal claims, or
  • an objection to processing is pending verification.

During restriction, data may be stored but not otherwise processed except where legally permitted.

6.6 Right to Data Portability

Where processing is based on consent or contractual necessity and carried out by automated means, Publishers have the right to receive their personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller where technically feasible.

6.7 Right to Object

Publishers may object, on grounds relating to their particular situation, to processing based on legitimate interests pursued by the Operator.

Where such an objection is valid and no overriding legitimate grounds exist, the relevant processing will cease.

6.8 Right to Withdraw Consent

Where processing is based on consent, Publishers may withdraw consent at any time without affecting the lawfulness of processing carried out before withdrawal.

6.9 Right to Lodge a Complaint

Publishers have the right to lodge a complaint with a competent supervisory authority within the European Union, and in particular with the authority of their habitual residence, place of work, or place of the alleged infringement.

In France, the competent authority is the Commission Nationale de l’Informatique et des Libertés (CNIL).

6.10 Exercise of Rights

Requests relating to data protection rights may be submitted through the official contact details provided on the Platform.

The Operator may request reasonable verification of identity before processing a request, solely to prevent unauthorized disclosure of personal data.

Responses are provided within the legally required timeframe, except where an extension is permitted under applicable law.

# 7. International Data Transfers

7.1 Possibility of Transfers Outside the European Union

In the course of providing the Service, certain personal or technical data may be transferred to, accessed from, or processed in countries outside the European Economic Area (EEA).

Such transfers may occur in particular when the Platform relies on:

  • external infrastructure or storage services,
  • technical logging or security monitoring systems,
  • authentication or authorization mechanisms (including OAuth integrations), or
  • third-party social media platforms involved in content distribution.

These international data flows are strictly limited to what is necessary for the operation, security, and functionality of the Service.

7.2 Transfers to the United States and Other Third Countries

Some service providers or third-party platforms connected to the Platform may be located in the United States or other jurisdictions that do not benefit from an automatic adequacy decision under European data protection law.

Where such transfers occur, they are carried out only where legally permitted and subject to appropriate safeguards in accordance with the GDPR.

7.3 Legal Safeguards for International Transfers

When personal data is transferred outside the EEA to a country that does not provide an equivalent level of protection, the Operator relies on recognized legal transfer mechanisms, which may include in particular:

  • the European Commission’s Standard Contractual Clauses (SCCs),
  • an applicable adequacy decision issued by the European Commission, or
  • any other lawful safeguard permitted under Articles 44 to 49 of the GDPR.

These mechanisms are intended to ensure that personal data remains protected to a standard essentially equivalent to that guaranteed within the European Union.

7.4 Additional Technical and Organizational Safeguards

Where appropriate, the Operator implements supplementary protective measures designed to strengthen the security of international data transfers, which may include:

  • encryption in transit and/or at rest,
  • strict access controls and authentication requirements,
  • data minimization principles limiting transferred information to what is strictly necessary, and
  • contractual security obligations imposed on service providers.

Such measures aim to reduce risks of unauthorized access or disclosure in third-country environments.

7.5 Transfers Initiated by Publishers

When a Publisher chooses to distribute Content to a connected social media platform, certain technical or descriptive data may be transmitted directly to that third party at the Publisher’s initiative.

In such cases:

  • the third-party platform acts as an independent data controller,
  • the applicable data protection framework is governed by the privacy policy of that third party, and
  • the Operator cannot control subsequent processing once the data has been transmitted.

Publishers are therefore encouraged to review the relevant third-party privacy documentation before using distribution features.

7.6 Right to Obtain Further Information

Publishers may request additional information regarding:

  • the existence of international data transfers,
  • the countries concerned, and
  • the legal safeguards applied to such transfers.

Such requests may be submitted through the official contact details provided on the Platform, in accordance with the procedures described in this Privacy Policy.

# 8. Data Retention & Deletion

8.1 General Retention Principle

Personal and technical data processed through the Platform is retained according to a combined approach:

  • for the duration strictly necessary to provide and secure the Service, and
  • for any fixed period required by applicable legal, accounting, fraud-prevention, or security obligations.

Data is never retained longer than justified by these purposes.

8.2 Retention of Account Data

Account-related data, including identification details, authentication information, and essential security records, is retained for the entire lifetime of the User account.

This retention is necessary to:

  • ensure continuous access to the Service,
  • maintain account security and integrity, and
  • comply with operational and legal obligations.

8.3 Retention After Account Deletion

Following account termination, certain limited data may be retained solely where required by law or justified for legitimate purposes, including:

  • compliance with accounting or tax obligations,
  • fraud prevention and abuse detection,
  • resolution of disputes or legal claims, and
  • preservation of security evidence.

All other personal data is deleted or irreversibly anonymized within a reasonable timeframe, once such obligations no longer apply.

8.4 Security Logs Retention

Technical and security-related logs may be retained for a limited period not exceeding six (6) months, unless a longer retention period is required to:

  • investigate security incidents,
  • comply with legal obligations, or
  • protect the Platform against fraud or abuse.

After this period, logs are deleted or anonymized where feasible.

8.5 Retention of Uploaded Video Content

Video files uploaded to the Platform are stored only for short-term technical processing purposes and are typically deleted within twenty-four (24) hours after upload, unless temporary retention is required for:

  • technical troubleshooting,
  • security verification, or
  • legal compliance.

The Platform does not provide long-term storage of uploaded Content.

Publishers remain solely responsible for maintaining their own backups.

8.6 Backup Retention

Technical backups of Platform data are maintained for a limited rolling period not exceeding seven (7) days, strictly for:

  • disaster recovery,
  • system integrity restoration, and
  • operational continuity.

Backups are automatically overwritten or securely deleted after this rotation period.

8.7 Right to Erasure and Legal Limitations

Users may request deletion of their personal data in accordance with applicable data protection law.

However, erasure may be refused or delayed where continued retention is legally required, including for:

  • statutory accounting obligations,
  • fraud prevention and security monitoring,
  • defense of legal claims, or
  • compliance with binding legal orders.

In such cases, retained data is strictly limited to what is necessary for the relevant legal purpose.

8.8 Secure Deletion Measures

When data reaches the end of its retention period, the Operator implements appropriate technical and organizational measures to ensure:

  • secure deletion or irreversible anonymization, and
  • prevention of unauthorized recovery or reconstruction.

These measures are designed to comply with GDPR data minimization and storage limitation principles.

# 9. Cookies & Tracking Technologies

9.1 Use of Cookies and Similar Technologies

The Platform uses cookies and comparable tracking technologies to ensure proper operation, maintain security, and improve the overall user experience.

These technologies may be placed:

  • directly by the Platform (first-party cookies), or
  • by authorized third-party services involved in authentication, infrastructure, analytics, or integrations (third-party cookies).

All cookie usage is implemented in accordance with applicable GDPR and EU ePrivacy requirements.

9.2 Categories of Cookies Used

Cookies and similar technologies used on the Platform may include:

  • strictly necessary technical cookies, required for authentication, session management, and secure access to user accounts;
  • security-related cookies, helping detect abuse, fraud, or unauthorized access;
  • audience measurement or analytics cookies, where implemented to understand Platform usage and improve performance; and
  • third-party cookies, which may arise from integrations with external services or connected platforms.

No cookies are deployed beyond what is legally permitted and technically justified.

9.3 Purposes of Processing

Cookies may be used in particular to:

  • enable secure login and session continuity,
  • protect the Platform against malicious or fraudulent activity,
  • analyze usage patterns and improve technical performance, and
  • support integrations with third-party authentication or distribution services.

Such processing is limited to what is necessary for legitimate operational purposes or based on user consent where legally required.

9.4 Consent Mechanism

Where required by applicable law, the Platform provides a cookie consent mechanism allowing Users to:

  • accept or refuse non-essential cookies, and
  • manage their preferences before such cookies are stored or accessed.

Strictly necessary cookies may be used without prior consent where permitted by law.

9.5 Future Analytics or Measurement Tools

The Operator may introduce privacy-compliant analytics or audience measurement solutions in the future in order to better understand Platform performance and usage.

Any such implementation will:

  • comply with GDPR and ePrivacy rules,
  • respect user consent requirements where applicable, and
  • be reflected in an updated version of this Privacy Policy.

9.6 Third-Party Cookies and External Services

Certain third-party services connected to the Platform—such as authentication providers, infrastructure services, or social media integrations—may place or access cookies under their own responsibility.

In such cases:

  • those third parties act as independent data controllers, and
  • their cookie practices are governed by their own privacy and cookie policies, which Users are encouraged to review.

The Operator does not control subsequent processing performed by such third parties.

9.7 User Control Over Cookies

Users may control or limit cookie usage through:

  • the cookie consent interface provided on the Platform, and
  • browser-level settings allowing deletion or blocking of cookies.

Disabling certain cookies may affect availability or functionality of specific Platform features, particularly authentication and security mechanisms.

9.8 Legal Basis

Processing of data through cookies is based on:

  • the Operator’s legitimate interest in ensuring security, stability, and proper functioning of the Service, and/or
  • the User’s consent, where required for analytics, measurement, or non-essential technologies.

-

# 10. Final Provisions, Entry into Force, and Policy Updates

10.1 Entry into Force

This Privacy Policy becomes effective immediately upon its publication on the MaditSpirit website and all associated services, including:

  • maditspirit.com
  • publisher.maditspirit.com
  • Any related subdomains, dashboards, or digital platforms operated under the MaditSpirit brand.

It applies to all users, regardless of their date of registration, purchase, or first visit.

10.2 Duration of Applicability

This Privacy Policy remains valid for an indefinite period, unless modified or replaced by a newer legally compliant version.

Users are encouraged to review this document periodically to remain informed of how their personal data is processed and protected.

10.3 Policy Modifications

MaditSpirit reserves the right to update or modify this Privacy Policy at any time, particularly in response to:

  • Legal or regulatory changes (GDPR, CNIL, international privacy laws)
  • Technical or security updates
  • Introduction of new services, features, or data processing activities
  • Structural evolution of the Publisher platform or MaditSpirit ecosystem

The most recent version will always be available on this page, with an updated “Last Updated” date.

10.4 User Notification of Significant Changes

If a modification materially affects user rights, data processing methods, or legal obligations, users will be notified through:

  • Email notification, and/or
  • Platform notification within the MaditSpirit or Publisher interface.

This ensures full transparency and continued compliance with GDPR information obligations.

10.5 Continued Use as Acceptance

Continued use of the website, services, or platforms after the publication of an updated Privacy Policy constitutes:

  • Acknowledgment of the revised terms
  • Acceptance of the updated data processing conditions

If a user does not agree with the modifications, they must stop using the services and may request deletion of their personal data in accordance with Section 12 – GDPR Rights.

10.6 Legal Interpretation and Governing Framework

This Privacy Policy is drafted to ensure full compliance with the General Data Protection Regulation (EU) 2016/679 (GDPR) and applicable French data protection laws.

In case of inconsistency between translated versions, the English version shall prevail for legal interpretation purposes.

This document must be read in conjunction with:

  • The Terms and Conditions of Service
  • Any applicable legal notices or cookie policies

forming a coherent legal framework governing the MaditSpirit ecosystem.