Privacy policy

1. Data controller

The controller is Les Flambino (personal blog), represented by its editors, reachable at contact@flambino.fr.

For any question about your personal data or exercising your rights, please write to the same address.

2. Hosting and technical logs

The site is hosted on technical infrastructure used to serve pages. Technical logs may be kept (IP address, date and time, browser, page requested, HTTP status) to ensure security, diagnostics and proper operation.

Processing relies on our legitimate interests (security and maintenance) and is limited in time according to the host’s practices.

3. Contact form

When you send a message via the contact form, we process:

• Email address (required)
• Phone number (optional)
• Message content and, where applicable, a source field (page or section of origin)

Purposes: reply to your request, follow up, improve the service.
Legal basis: steps prior to a contract at your request and/or our legitimate interest in handling reader messages.

Messages are stored in a secure server-side store and an email notification may be sent to the editors. Email delivery uses the provider configured for the site.

4. Public comments (“About” and “Support us”)

When you post a comment, we process:

• Nickname or display name
• Comment text
• Internal posting date

Comments are moderated before they may appear. Editors may receive an email notification for new comments.

Purposes: display approved messages, engage the community, prevent abuse.
Legal basis: your consent by submitting the form, together with our legitimate interests in moderation and security.

Visible comments are public (nickname and text). Do not include sensitive information you do not want published.

5. “Become a partner” page

The form works like the contact form: data (company name, email, message) are sent to our server, stored so we can process the request, and a notification email may be sent. Submission is not delegated to an external form provider.

Requests are managed in the site’s administration area (status, deletion), similar to contact messages.

6. Anti-spam measures

To limit abusive automated submissions, we use proportionate technical measures:

• an invisible honeypot field;
• a signed timestamp token;
• rate limiting per IP over a short window (roughly one hour) using server-side cache counters;
• when you accept cookies via the banner, Google reCAPTCHA v3 may add a risk score to form submissions.

Purposes: site security and spam prevention.
Legal basis: legitimate interests (GDPR Art. 6(1)(f)), with limited impact and short retention for related technical data.

7. Optional site access code

When access protection is enabled, the browser may store minimal data in sessionStorage to remember access for the session. This is not used for advertising profiling and does not send personal data to third parties for that purpose.

8. Cookie banner and consent

When third-party tools are enabled, a banner lets you accept or refuse loading scripts. You can change your choice anytime via “Cookie settings” in the footer (it reopens the banner).

We store your choice in a cookie named flambino_cookies for about six months, site path, SameSite=Lax: value all if you choose Accept all, or none if you choose Reject all. Until you accept, related scripts are not loaded (except strictly necessary cookies).

9. Google reCAPTCHA v3

When enabled, we use Google reCAPTCHA v3 to assign a risk score to form submissions (contact, comments, partnership) without a visible checkbox. A browser token is verified server-side with Google (siteverify).

Purposes: prevent spam and automated abuse.
Legal basis: your consent via the cookie banner (Google script only after “Accept all”), plus our legitimate interests in security for server-side verification when the service is active.

Technical documentation: reCAPTCHA v3 — Google policy: Google Privacy Policy.

10. Audience measurement (Umami)

We may use Umami for aggregated, privacy-oriented analytics. The script is only loaded after consent (“Accept all”) when Umami is enabled in configuration.

Data is processed by Umami Cloud (or the configured instance). See Umami’s privacy policy.

Legal basis: consent for loading the script; you may withdraw consent by deleting the cookie or choosing “Reject all” and reloading.

11. Cookies and server session

The site may set strictly necessary cookies (for example a Symfony session cookie for certain features such as the editors’ admin area). These cookies are not used for personalised advertising on this blog.

12. Retention (principles)

Contact messages, partnership requests and comments are kept as long as needed for processing, moderation (if any) and a reasonable blog history, unless a valid erasure request applies or law requires otherwise. Anti-spam counters by IP are kept for a short period (around one to a few hours, depending on server cache).

13. Recipients

Data from forms managed by the site go to the blog editors and, where needed, strictly necessary technical processors (hosting, email). When reCAPTCHA or Umami is used, Google or Umami may process certain technical data under their policies if you consented to loading the scripts.

We do not sell your personal data.

14. Your rights

Under the GDPR you may have the following rights, subject to legal conditions:

• access and rectification;
• erasure and restriction;
• data portability for data you provided where processing is automated and based on consent or contract;
• the right to lodge a complaint with the CNIL (www.cnil.fr).

To exercise your rights, email contact@flambino.fr describing your request and, if relevant, the email or nickname used on the form so we can respond appropriately.

Last updated: 14 May 2026.