Privacy Policy

MD&Co – mariediez.com

Last updated: 25 April 2026

This Privacy Policy explains how MD&Co (“we”, “us”, “our”) collects, uses, and protects your personal information when you visit mariediez.com or work with us through the Clarity Sprint.

We keep things simple and treat your data the way we’d want ours treated: collected only when needed, stored securely, and never sold to anyone. Ever.

1. Who we are

MD&Co is a freelance web design business operated by Marie Diez, registered as a French micro-entreprise (Bergerac, France – APE code 7410Z, BNC category).

For any privacy-related question, you can reach us at hello@mariediez.com.

We are the data controller for the personal information described in this policy, in accordance with the EU General Data Protection Regulation (GDPR).

2. What we collect and why

We only collect the information we genuinely need to run the business and serve you well. Here’s the full picture:

2.1 When you browse mariediez.com

  • Analytics data – anonymised information about your visit (pages viewed, approximate location, device type, referral source) collected through Google Analytics. This helps us understand what’s working on the site.
  • Technical data – your browser type, IP address (anonymised), and basic log data, automatically collected by our hosting provider for security and performance.

2.2 When you apply for the Clarity Sprint

The application form (hosted on Tally) collects information you choose to share with us, typically:

  • your name and email address;
  • your business name, website (if any), and a description of your project;
  • any context, goals, or preferences you wish to share.

We use this information to assess whether the Clarity Sprint is the right fit for your project and to follow up with you.

2.3 When we work together

If we move forward with a Clarity Sprint, we may also collect:

  • contact details (full name, email, phone number if you share it);
  • billing information (business name, address, VAT or registration number where applicable);
  • project content you provide (text, images, brand assets, login credentials for your website, hosting, or domain);
  • communications exchanged by email or through our Notion client portal.

2.4 When you contact us

If you email us directly, we keep our exchange so we can respond properly and follow up if needed.

3. Legal basis for processing (GDPR)

Under the GDPR, we rely on the following legal bases to process your personal data:

  • Performance of a contract – to deliver the Clarity Sprint and related services you’ve booked with us.
  • Legitimate interest – to respond to your enquiries, manage our business, and improve our website.
  • Consent – for analytics cookies and any optional communications. You can withdraw consent at any time.
  • Legal obligation – to keep accounting and tax records as required by French law.

4. Tools and third parties we use

We use trusted third-party services to run the business. Each of them processes your data on our behalf, under their own privacy policies:

  • Google Analytics (Google LLC) – website traffic and usage analytics.
  • Tally (Tally B.V.) – hosts the Clarity Sprint application form.
  • Gmail / Google Workspace (Google LLC) – email communication and storage.
  • Notion (Notion Labs Inc.) – client portal for project documentation and collaboration.
  • Indy (Georges SAS) – invoicing and accounting.
  • Web hosting provider – to host mariediez.com and store its data.

Some of these providers are based outside the European Economic Area (notably in the United States). When that’s the case, transfers are protected by appropriate safeguards such as the EU-U.S. Data Privacy Framework or Standard Contractual Clauses approved by the European Commission.

5. Cookies

Our website uses a small number of cookies:

  • Essential cookies – required for the site to function correctly. These don’t require consent.
  • Analytics cookies – set by Google Analytics to help us understand how visitors use the site. These are only set with your consent.

You can accept, refuse, or withdraw your consent at any time through the cookie banner displayed on your first visit, or by adjusting your browser settings.

6. How long we keep your data

We don’t keep your data longer than we need to. As a general rule:

  • Application form submissions: up to 12 months if we don’t end up working together.
  • Client project files and communications: up to 3 years after the end of our engagement, then deleted or archived securely.
  • Invoicing and accounting records: 10 years, as required by French law.
  • Analytics data: anonymised and retained for a maximum of 14 months.

7. How we protect your data

We take reasonable steps to keep your information secure: strong passwords, two-factor authentication on key accounts, encrypted connections (HTTPS), and access limited to Marie Diez only.

That said, no system is ever 100% secure. If a data breach were to affect your information, we would notify you and the relevant authority (the CNIL in France) as required by law.

8. Your rights under the GDPR

You have the right to:

  • access the personal data we hold about you;
  • correct any inaccurate or incomplete information;
  • request deletion of your data (the “right to be forgotten”), where applicable;
  • restrict or object to certain processing;
  • request a copy of your data in a portable format;
  • withdraw your consent at any time, where consent is the basis for processing;
  • lodge a complaint with the CNIL (the French data protection authority) if you feel your rights have not been respected.

To exercise any of these rights, just send an email to hello@mariediez.com. We’ll respond within 30 days.

9. Sharing your data

We don’t sell, rent, or trade your personal data. The only people or entities who may access it are:

  • Marie Diez, as the sole operator of MD&Co;
  • the third-party service providers listed in section 4, strictly to perform their service;
  • French tax authorities or other public authorities, if legally required.

10. Children’s data

Our services are intended for business owners and professionals. We do not knowingly collect personal information from anyone under 16. If you believe a minor has provided us with personal data, please contact us so we can remove it.

11. Changes to this policy

We may update this Privacy Policy from time to time. The “Last updated” date at the top of this page reflects the most recent version. For any significant change, we’ll do our best to let active clients know directly.

12. Contact

Questions, concerns, or requests about this Privacy Policy or your data?

Email us at hello@mariediez.com – we read every message and will get back to you within a few business days.

MD&Co – Marie Diez – mariediez.com