Privacy Policy

The data controller responsible for processing your personal data is:

• Company: VoxArt Academy SAS
• Address: 24 Rue de la Voix Off, 75008 Paris, France
• DPO Email: dpo@voxart-academy.com

We collect the following categories of data based on your interactions with our platform:

• Identification Data: last name, first name, email address, phone number
• Payment Data: bank details (processed exclusively by our secure payment provider Stripe — we never store your card numbers)
• Navigation Data: IP address, browser type, pages visited, session duration (via anonymized analytical cookies)
• Educational Data: progress in modules, evaluation results, certificates obtained
• Communication Data: content of exchanges with our support team

Your data is processed for the following purposes, each based on a GDPR legal basis:

• Performance of Contract: managing your access to courses, invoicing, educational support
• Legal Obligation: retention of invoices and accounting documents (10 years)
• Legitimate Interest: improving our services, detecting fraud, IT security
• Consent: sending newsletters and promotional offers (opt-out possible at any time)

• Active Account Data: duration of the contractual relationship + 3 years after closure
• Billing Data: 10 years (legal accounting obligation)
• Navigation Data (analytical cookies): 13 months maximum
• Marketing Data: 3 years from the last contact
• Support Exchanges: 3 years from the closure of the file

We do not sell or lease your personal data. It may be transmitted to the following sub-processors, strictly within the framework of their missions:

• Stripe Inc. — secure payment processing (USA, PCI-DSS certified, Privacy Shield)
• Hostinger International Ltd. — data hosting (EEA)
• Mailchimp / Brevo — marketing email management (with your consent)
• Google LLC — analytics and advertising (anonymized data, consent-based)

Any transfer outside the EU is governed by Standard Contractual Clauses (SCCs) approved by the European Commission, in accordance with Article 46 of the GDPR.

In accordance with the GDPR and the French Data Protection Act, you have the following rights regarding your personal data:

• Right of Access — obtain a copy of your data
• Right to Rectification — correct inaccurate data
• Right to Erasure — request deletion of your data
• Right to Portability — receive your data in a structured format
• Right to Object — object to processing for marketing purposes
• Right to Restriction — temporarily block the processing of your data
• Right to Withdraw Consent at any time (without retroactive effect)

Our site uses the following categories of cookies:

• Strictly Necessary Cookies: authentication, cart, language preferences — always active, do not require consent
• Analytical Cookies: audience measurement via Google Analytics (anonymized) — subject to consent
• Advertising Cookies: conversion tracking for Google Ads — subject to explicit consent

You can manage your cookie preferences at any time by clicking on "Manage cookies" at the bottom of the page, or through your browser settings.

We implement appropriate technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction:

• TLS/SSL encryption of all communications
• Encryption at rest for sensitive databases
• Access to data limited to authorized personnel only
• Regular security audits and penetration testing
• Incident response plan compliant with Article 33 of the GDPR (notifying CNIL within 72h in the event of a breach)

For any questions regarding the protection of your personal data or to exercise your rights, you can contact our Data Protection Officer:

• Email: dpo@voxart-academy.com
• Mail: VoxArt Academy SAS — DPO, 24 Rue de la Voix Off, 75008 Paris, France
• Response Time: 30 business days maximum

You also have the right to lodge a complaint with the competent supervisory authority, the CNIL (3 Place de Fontenoy – TSA 80715 – 75334 Paris Cedex 07).