This privacy policy applies to all visitors of Napoleon Empire (empirenapoleon.com), regardless of their geographic location. We comply with the GDPR (EU/EEA/UK), CCPA/CPRA (California), LGPD (Brazil), PIPEDA (Canada), PDPA (Thailand/Singapore), and any other applicable regulation in your country.
1. Data Controller
The data controller is the publisher of the Napoleon Empire website. To exercise your rights or ask any question about this policy, contact us at: contact [at] empirenapoleon [dot] com.
As a non-commercial informational website, we have not formally appointed a Data Protection Officer (DPO), but all data requests are handled promptly, within 30 days at the latest.
2. Data Collected and Legal Bases
We collect only data strictly necessary for the purposes described below.
2.1 Automatically collected data
- IP address (anonymised where possible) — legal basis: legitimate interest (security, abuse prevention)
- Navigation data: pages visited, session duration, browser, OS — legal basis: consent (optional analytics)
- Cookie preferences stored in localStorage — legal basis: legal obligation (proof of consent)
2.2 Third-party data
- Google AdSense: if you have consented to advertising cookies, Google may collect data according to its own privacy policy. Google acts as an independent data controller for its own services.
- Affiliate links: clicks on affiliate links (Amazon, etc.) are subject to the privacy policies of the respective platforms. We do not transmit any personally identifiable data to these platforms.
2.3 Data not collected
We collect no sensitive data (health, racial origin, political opinions, etc.), no user accounts are created, and no registration forms exist on this site.
3. Purposes and Retention
| Purpose | Legal basis | Retention |
|---|---|---|
| Site security and integrity | Legitimate interest | 30 days (logs) |
| Audience measurement (analytics) | Consent | 13 months max |
| Personalised advertising | Consent | Per third party (Google) |
| Cookie preferences | Legal obligation | 12 months |
4. International Data Transfers
Some sub-processors (Google, Netlify) may process data outside the EU/EEA. These transfers are made under Standard Contractual Clauses (SCCs) approved by the European Commission, or equivalent mechanisms recognised by your national legislation.
Netlify, Inc. (host) — United States — SCC compliant. See Netlify's GDPR/CCPA policy.
Google LLC — United States/worldwide — EU-US Data Privacy Framework compliant. See Google's policy.
5. Your Rights by Location
5.1 GDPR — EU / EEA / UK Residents
- Access: obtain a copy of your personal data
- Rectification: correct inaccurate data
- Erasure ("right to be forgotten"): delete your data
- Portability: receive your data in a structured format
- Objection: object to processing based on legitimate interest
- Restriction: restrict processing in certain cases
- Withdraw consent: at any time, without retroactive effect
You also have the right to lodge a complaint with your national supervisory authority (e.g. ICO in the UK: ico.org.uk).
5.2 CCPA / CPRA — California Residents
- Right to know what personal information is collected
- Right to delete your personal information
- Right to correct inaccurate information
- Right to opt out of sale or sharing (see section 6)
- Right to non-discrimination for exercising your rights
5.3 LGPD — Brazil Residents
Pursuant to the Lei Geral de Proteção de Dados, you have rights of access, rectification, anonymisation, portability, objection, and revocation of consent. Contact: same address as the data controller.
5.4 PIPEDA — Canada Residents
Pursuant to the Personal Information Protection and Electronic Documents Act, you have the right to access your personal information and request correction. You may withdraw consent at any time, subject to legal restrictions.
5.5 Other countries
We respect the fundamental principles of data protection (minimisation, purpose limitation, security) for all visitors, regardless of location.
6. Do Not Sell / Share My Data (CCPA/CPRA)
We do not sell your personal data to third parties within the meaning of CCPA/CPRA. If advertising partners (Google AdSense) use cookies to personalise ads, this activity may constitute "sharing" under California law.
To exercise your opt-out right: refuse advertising cookies via our consent banner, or contact us directly. The banner can be accessed at any time by clearing the consent key from your browser's localStorage.
7. Security
The site is served exclusively over HTTPS. No sensitive data is stored on our own servers. Netlify access logs are limited and subject to Netlify's security guarantees (SOC 2 Type II).
8. Cookies
For details on cookies used, their purposes, durations and management options, see our Cookie Policy.
9. Changes
This policy may be updated to reflect legal or technical developments. The last updated date is shown at the top of the page. We will indicate any material changes prominently on the site.
10. Contact
To exercise your rights or for any question about this policy: contact [at] empirenapoleon [dot] com.
We commit to responding within 30 days (GDPR legal deadline) of receiving your request.