Privacy policy

Last updated: 19/02/2026

This Privacy Policy describes the methods of processing personal data of users who visit and use the website and the e-learning platform Maestra Academy SAS (hereinafter, the “Website” or the “Platform”), in accordance with Regulation (EU) 2016/679 (GDPR) and the applicable data protection legislation.

1. Data Controller

The Data Controller of personal data is:

Maestra Academy SAS
Registered office: Rue de Fraescaty 123, 57160 Moulins-lès-Metz – France
VAT number: FR990958415
Contact email: privacy@maestraacademy.com

No Data Protection Officer (DPO) has been appointed.

2. Type of platform

The Website provides an online training platform that includes:

Digital academy
On-demand video courses
Content reserved for registered users
Paid services via e-commerce

Access to the content may be free of charge or subject to payment, upon user account registration.

3. Types of personal data processed

3.1 Data provided directly by the user

During registration, purchase, or use of the Platform, the following data may be collected:

Account data

First name
Last name
Email address
Username
Password (encrypted)
Phone number

Billing data

First and last name
Company
Country
Province/Region
City
Postal code
Full address

Shipping data (if required)

First and last name
Company
Country
Province/Region
City
Postal code
Full address

Credential management

Current password
New password
New password confirmation

3.2 Payment data

Payments are managed through certified external providers.
The Data Controller does not store or directly process complete payment card details.

The payment services used include:

Stripe
PayPal
Klarna
Alma

Payment data is processed exclusively by the respective providers in accordance with their own privacy policies.

3.3 Browsing and technical data

While browsing, the following data may be automatically collected:

IP address
Access logs
Date and time of requests
Browser and device type
Operating system
User-Agent
Data related to security and fraud prevention

Such data is used for statistical purposes, security, and proper functioning of the Website.

4. Purposes of processing

Personal data is processed for the following purposes:

Creation and management of user accounts
Access to the platform and training content
Management of purchases and payments
Fulfillment of tax and accounting obligations
Customer support and technical assistance
Service-related communications
Statistical analysis and service improvement
Security, fraud, and abuse prevention
Compliance with legal obligations

5. Legal basis of processing

The processing of personal data is based on:

Performance of a contract or pre-contractual measures
Compliance with legal obligations
User consent (where required)
Legitimate interest of the Data Controller in ensuring security and improving the service

6. Processing methods

Processing is carried out using electronic and telematic tools, in compliance with the principles of lawfulness, fairness, transparency, data minimization, and security as set out in the GDPR.

Appropriate technical and organizational measures are adopted to prevent unauthorized access, loss, destruction, or unlawful disclosure of data.

7. Data retention

Personal data is retained for the time strictly necessary to achieve the purposes for which it was collected:

Account data: until account deletion
Tax and accounting data: up to 10 years
Payment data: according to the retention periods established by the providers
Security logs: up to 12 months
Statistical data: in aggregated or anonymized form

8. Cookies and tracking tools

The Website uses technical cookies, analytical cookies, and, subject to consent, profiling cookies.

Tools used

Google Analytics
Yoast SEO
Cookiebot

Cookie consent is managed through a dedicated banner.
For further details, please refer to the dedicated Cookie Policy.

9. Third-party services and providers

Data processing may involve external providers appointed as Data Processors, including:

Hosting and cloud infrastructure: Amazon AWS
CDN and security: Cloudflare
Platform: WordPress, WooCommerce
Payments: Stripe, PayPal, Klarna, Alma
Cookie management: Cookiebot (Usercentrics)
IT services and maintenance: Fochale

10. Transfer of data outside the EU

Some providers may process data outside the European Union.
In such cases, data transfers are carried out in compliance with Articles 44 et seq. of the GDPR, through:

Standard Contractual Clauses (SCC)
Adequacy decisions
Other safeguards provided by applicable law

11. Data subject rights

Users have the right to:

Access their personal data
Request rectification or updating
Obtain deletion of data
Restrict processing
Object to processing
Request data portability
Withdraw consent at any time
Lodge a complaint with the competent Supervisory Authority

Requests may be sent to: privacy@maestraacademy.com

12. Data security

The Data Controller adopts appropriate security measures, including:

HTTPS connection
Firewalls and server protections
Periodic backups
Restricted access and secure authentication
System log monitoring

13. Minors

The Platform is intended for adult users only.
Personal data of minors is not knowingly collected without parental consent or authorization by a legal guardian.

14. Changes to the Privacy Policy

The Data Controller reserves the right to modify this Privacy Policy at any time.
Any changes will be published on this page with an updated revision date.

15. Contact details

For any information regarding the processing of personal data, users may contact:
privacy@maestraacademy.com