Privacy Policy

Last Updated: October 27, 2025

1. Introduction

MSA Benmekki's Team ("we", "us", "our") operates the website at benmekki.com ("Website", "Platform"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our Website.

We are committed to protecting your privacy and complying with applicable data protection laws, including the GDPR (General Data Protection Regulation), the French Data Protection Act ("Loi Informatique et Libertés"), and other relevant regulations.

2. Legal Framework

This Privacy Policy complies with:

• GDPR (Regulation EU 2016/679) - European data protection regulation
• Loi Informatique et Libertés (modified 2018) - French data protection law
• ePrivacy Directive (Directive 2002/58/EC) - Electronic communications privacy
• CNIL (Commission Nationale de l'Informatique et des Libertés) - French data protection authority guidelines

3. Data Controller

Data Controller:
Malik Benmekki
Email: contact@benmekki.com
Location: France

For any questions or concerns about your personal data, please contact us at the email address above.

4. What Information We Collect

4.1 Information You Provide Directly

When you use our Website, you may voluntarily provide:

Account Registration:

• Email address
• Full name
• Password (encrypted and securely stored)

Contributor Applications:

• Full name
• Email address
• GitHub profile URL
• LinkedIn profile URL
• Areas of expertise
• Motivation and experience information

Newsletter Subscription:

• Email address
• Subscription preferences

Contact Forms:

• Name
• Email address
• Message content

4.2 Information Collected Automatically

When you visit our Website, we automatically collect:

Technical Information:

• IP address (anonymized after 30 days)
• Browser type and version
• Device type (desktop, mobile, tablet)
• Operating system
• Referrer URL
• Pages visited and time spent
• Date and time of access

Analytics Data:

• Page views and navigation patterns
• Session duration
• Geographic location (country and city level only)
• User agent information

4.3 Cookies and Similar Technologies

We use cookies and similar tracking technologies. See Section 11 for detailed information about our cookie usage.

5. Legal Basis for Processing (GDPR Article 6)

We process your personal data based on the following legal grounds:

Consent (Article 6(1)(a)):

• Newsletter subscriptions
• Optional cookies (analytics, preferences)

Contract Performance (Article 6(1)(b)):

• User account creation and management
• Providing contributor access to platform features

Legitimate Interests (Article 6(1)(f)):

• Website analytics and improvement
• Security and fraud prevention
• Technical functionality and optimization

Legal Obligation (Article 6(1)(c)):

• Compliance with French and EU law
• Record keeping as required by law

You have the right to withdraw consent at any time without affecting the lawfulness of processing based on consent before its withdrawal.

6. How We Use Your Information

We use collected information for the following purposes:

6.1 Service Provision

• Create and manage user accounts
• Process contributor applications
• Enable article, project, and resource submissions
• Send transactional emails (account confirmations, password resets)

6.2 Communication

• Send newsletter updates (with your consent)
• Respond to inquiries and support requests
• Send important platform notifications
• Communicate with contributors about submissions

6.3 Analytics and Improvement

• Analyze website usage patterns
• Improve user experience and functionality
• Identify technical issues and bugs
• Generate aggregate statistics

6.4 Security and Legal Compliance

• Prevent fraud and abuse
• Enforce our Terms of Service
• Comply with legal obligations
• Maintain audit logs for security purposes

7. Data Sharing and Disclosure

7.1 We Do NOT Sell Your Data

We never sell, rent, or trade your personal information to third parties for marketing purposes.

7.2 Service Providers

We share data with trusted service providers who assist us in operating the Website:

Supabase (Database Hosting):

• Purpose: Database and authentication services
• Location: EU data centers (GDPR compliant)
• Data: Account information, content submissions, analytics
• Privacy Policy: https://supabase.com/privacy

Email Service Provider:

• Purpose: Transactional and newsletter emails
• Data: Email addresses, names
• Compliance: GDPR compliant service

All service providers are contractually obligated to protect your data and use it only for specified purposes.

7.3 Legal Requirements

We may disclose your information when required by law or to:

• Comply with legal processes (court orders, subpoenas)
• Enforce our Terms of Service
• Protect rights, property, or safety of our users
• Prevent fraud or security threats

7.4 Public Information

Content you submit and publish on our Website (articles, projects, comments) is publicly accessible. Do not include sensitive personal information in public submissions.

8. Data Retention

We retain your personal data only as long as necessary for the purposes outlined in this Privacy Policy:

Account Data:

• Retained while your account is active
• Deleted within 30 days of account deletion request
• Backup copies deleted within 90 days

Analytics Data:

• IP addresses anonymized after 30 days
• Aggregate analytics retained indefinitely (anonymized)
• Session data retained for 12 months

Audit Logs:

• Retained for 2 years for security and compliance
• Contains user actions and system events

Newsletter Subscriptions:

• Retained until you unsubscribe
• Deleted within 7 days of unsubscribe request

Legal Obligations:

• Data required by law retained for the legally mandated period

9. Your Rights Under GDPR and French Law

You have the following rights regarding your personal data:

9.1 Right of Access (Article 15)

Request a copy of all personal data we hold about you.

9.2 Right to Rectification (Article 16)

Correct inaccurate or incomplete personal data.

9.3 Right to Erasure / "Right to be Forgotten" (Article 17)

Request deletion of your personal data when:

• No longer necessary for the purposes collected
• You withdraw consent
• You object to processing
• Data processed unlawfully

9.4 Right to Restriction of Processing (Article 18)

Request limitation of processing in certain circumstances.

9.5 Right to Data Portability (Article 20)

Receive your personal data in a structured, machine-readable format and transfer it to another controller.

9.6 Right to Object (Article 21)

Object to processing based on legitimate interests or for direct marketing purposes.

9.7 Right to Withdraw Consent

Withdraw consent at any time for processing based on consent.

9.8 Right to Lodge a Complaint

File a complaint with a supervisory authority:

France (CNIL):
Commission Nationale de l'Informatique et des Libertés
3 Place de Fontenoy, TSA 80715
75334 PARIS CEDEX 07
Website: https://www.cnil.fr
Phone: +33 1 53 73 22 22

EU Data Protection Authorities:
https://edpb.europa.eu/about-edpb/about-edpb/members_en

9.9 How to Exercise Your Rights

To exercise any of these rights, contact us at:
Email: contact@benmekki.com
Subject Line: "Privacy Rights Request - [Your Right]"

We will respond within one month of receiving your request, as required by GDPR Article 12(3).

10. International Data Transfers

Your data is primarily stored and processed in the European Union (EU) on servers located in EU data centers to ensure GDPR compliance.

If data is transferred outside the EU, we ensure adequate protection through:

• Standard Contractual Clauses (SCCs) approved by the European Commission
• Adequacy decisions for countries with equivalent data protection
• Binding Corporate Rules where applicable

11. Cookies and Tracking Technologies

11.1 What Are Cookies?

Cookies are small text files stored on your device when you visit a website.

11.2 Types of Cookies We Use

Strictly Necessary Cookies:

• Purpose: Essential website functionality
• Legal Basis: Legitimate interest
• Examples: Authentication, security, session management
• Cannot be disabled

Analytics Cookies:

• Purpose: Website usage statistics
• Legal Basis: Consent (where required) or legitimate interest
• Examples: Page views, session duration, navigation patterns
• Can be disabled

Preference Cookies:

• Purpose: Remember your settings and preferences
• Legal Basis: Consent or legitimate interest
• Examples: Language preference, display settings
• Can be disabled

11.3 Third-Party Cookies

We do not use third-party advertising cookies. Any third-party cookies are limited to essential service providers (e.g., Supabase for authentication).

11.4 Managing Cookies

You can control cookies through:

• Browser Settings: Most browsers allow you to refuse or delete cookies
• Cookie Preferences: [Adjust your preferences here] (if we implement a cookie banner)

Disabling cookies may limit Website functionality.

11.5 Do Not Track (DNT)

We respect browser "Do Not Track" signals where technically feasible.

12. Data Security

We implement robust security measures to protect your personal data:

12.1 Technical Measures

• Encryption: SSL/TLS encryption for data in transit
• Password Security: Bcrypt hashing for stored passwords
• Database Security: Row Level Security (RLS) policies
• Access Controls: Role-based access restrictions
• Regular Backups: Encrypted and secure backup systems

12.2 Organizational Measures

• Limited Access: Only authorized personnel can access personal data
• Security Training: Team members trained on data protection
• Audit Logs: Comprehensive logging of data access and modifications
• Incident Response: Procedures for data breach notification

12.3 Data Breach Notification

In the event of a data breach affecting your personal data, we will:

• Notify the relevant supervisory authority within 72 hours (GDPR Article 33)
• Notify affected individuals without undue delay if high risk (GDPR Article 34)
• Provide information about the breach and mitigation measures

13. Children's Privacy

Our Website is not intended for children under 16 years of age (or the minimum age in your jurisdiction). We do not knowingly collect personal data from children.

If you are a parent or guardian and believe your child has provided personal data, please contact us at contact@benmekki.com, and we will delete the information immediately.

14. Third-Party Links

Our Website may contain links to external websites. We are not responsible for the privacy practices of third-party sites. Please review their privacy policies before providing personal information.

15. Changes to This Privacy Policy

We may update this Privacy Policy to reflect:

• Changes in laws and regulations
• New features or services
• Feedback from users or authorities

Notification of Changes:

• Updated "Last Updated" date at the top of this page
• Email notification for material changes (if you have an account)
• Prominent notice on the Website

Continued use of the Website after changes constitutes acceptance of the updated Privacy Policy.

16. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or your personal data:

Email: contact@benmekki.com
Response Time: Within 1 month (GDPR requirement)

For data protection inquiries:
Subject Line: "Privacy Inquiry - [Topic]"

For data subject rights requests:
Subject Line: "Privacy Rights Request - [Your Right]"

17. Data Protection Officer (DPO)

Under GDPR Article 37, organizations processing large amounts of sensitive data must appoint a Data Protection Officer. Currently, our data processing does not require a DPO, but you can contact us directly for all privacy matters.

18. Specific Rights for French Users

As a French user, you have additional rights under Loi Informatique et Libertés:

• Right to define directives regarding the fate of your personal data after death (Article 85)
• Right to object to commercial prospecting
• Additional protection for sensitive data

To exercise these rights, contact us at contact@benmekki.com.

---

Summary

This Privacy Policy explains: ✓ What personal data we collect and why
✓ How we use and protect your data
✓ Your rights under GDPR and French law
✓ How to contact us with privacy concerns

We are committed to transparency, security, and respecting your privacy rights.

---

Legal References

1. GDPR - Regulation (EU) 2016/679 (General Data Protection Regulation)
2. Loi Informatique et Libertés - French Law No. 78-17 (modified 2018)
3. ePrivacy Directive - Directive 2002/58/EC
4. French Data Protection Authority (CNIL) - https://www.cnil.fr
5. European Data Protection Board (EDPB) - https://edpb.europa.eu

---

Last reviewed and updated: October 27, 2025