Privacy policy

Version of february 21st 2025

The terms with an initial capital letter that are not defined in this Privacy Policy are defined in the General Terms and Conditions (T&Cs) available here.

The use of the website https://savorpariswithpaola.com and the purchase of Services involve the processing of Personal Data under the conditions and terms detailed in this Privacy Policy (hereinafter referred to as the “Processing”).

Personal Data is processed with the utmost confidentiality, in compliance with the provisions of French Law No. 78-17 of January 6, 1978, on Information Technology, Data Files, and Civil Liberties (hereinafter the “Data Protection Act”) and European Regulation No. 2016/679 of April 27, 2016, on the protection of individuals with regard to the processing of personal data (hereinafter the “GDPR”).

1. Data Controller

The Data Controller responsible for processing Personal Data is the Seller, namely Paola HOSS, self-employed registered under SIRET No. 94039529600012 with its office at 32 Rue Médéric – 75017 Paris – Tel: 0033672897215– Email: foodvisits@hotmail.com.

2. Categories of Personal Data Collected

2.1 Data Collected About the Client for Account Creation, Service Booking, and Execution

Creating a Personal Account and ordering Services require the Client to provide the following information:

• First and last name

• Phone number

• Email address and postal address

• Date and details of the booked Services

(hereinafter referred to as “Client Booking Data”)

The Client may also be required to inform the Seller of any food allergies or intolerances (“Health Data”).

Fields marked with an asterisk (*) in the Standard Food Tour order form or in the tailored culinary experience inquiry form are mandatory. Without this information, the order cannot be completed.

2.2 Data Collected When Using the Website (Cookies)

The Website uses cookies, defined as a set of information that can be transmitted to the Client’s browser by a website they visit (hereinafter “Cookie(s)”), including:

https://www.shopify.com/fr/legal/cookies

3. Purposes – Legal Bases – Retention Periods

3.1 Personal Data Collected in the Context of Service Orders:

Personal Data

Legal Basis

Purposes

Retention Periods / Archiving

Client Booking Data

- Individual Client: Performance of the GTC (Article 6.1(b) GDPR)
- Individual linked to a Corporate Client: Legitimate interest of the Seller (Article 6.1(f) GDPR)

- Manage order processing
- Handle invoicing
- Communicate with the Client
- Organize the execution of Services
- Create and manage the Client’s Personal Account

- For the duration of the GTC
- Intermediate archiving for 5 years (Article 2224 of the French Civil Code)
- Data required for invoicing is archived for 10 years (Article L123-22 of the French Commercial Code)

Health Data

Consent of the Client (Article 6.1(a) GDPR)

- Ensure the Client’s safety
- Organize Services accordingly

- Until consent is withdrawn or full execution of Services
- No archiving

Client’s Email for Newsletter Subscription

Consent of the Client (Article 6.1(a) GDPR)

- Inform the Client about news and offers from the Seller

- Until unsubscribed or 3 years after the last contact
- No archiving

 

3.2 Data Collected Through the Use of the Website – Cookies:

https://www.shopify.com/fr/legal/cookies

4. Recipients of Personal Data

Personal Data is only intended for the authorized personnel of the Seller and is not disclosed to third parties other than those who have a legitimate need to access it.

5. Exercising Rights

5.1. The Client has the right, by writing at the address 32 rue Médéric 75017 Paris, to:

• Exercise their right of access to obtain information about their Personal Data and the details listed in Article 15 of the GDPR;

•Request the correction of their Personal Data if it is inaccurate or incomplete, in accordance with Article 16 of the GDPR;

• Request the deletion of their Personal Data under the conditions set out in Article 17 of the GDPR;

• Request the restriction of processing of their Personal Data under the conditions set out in Article 18 of the GDPR;

• Regarding the processing of Personal Data based on contract execution or consent, receive such data in a structured, commonly used, and machine-readable format, transfer it to another data controller, or have it transmitted directly if technically feasible.

5.2. For Personal Data processed based on legitimate interest, the concerned individuals may object to its processing for reasons related to their specific situation by writing to: foodvisits@hotmail.com.

5.3. For Personal Data processed based on consent, the Client may withdraw consent at any time by writing to:foodvisits@hotmail.com.

5.4. The Client also has the right to file a complaint with the French Data Protection Authority (Commission Nationale de l’Informatique et des Libertés - CNIL), either by mail or online: https://www.cnil.fr/.

5.5. For security reasons and to prevent fraudulent requests, the Seller reserves the right to request proof of identity before processing any rights-related request. This proof will be retained only until the identity is confirmed and the request is processed.

6. Transfers Outside the European Union

The Seller may use IT applications hosted outside the European Union in a country that has received an adequacy decision from the European Commission and/or ensure appropriate safeguards, in accordance with Articles 44 and following of the GDPR. These safeguards will be made available to the concerned individuals upon request.

7. Technical and Organizational Measures

The Seller implements necessary organizational, technical, software, and physical security measures to ensure the confidentiality, integrity, and security of Personal Data, particularly to prevent its alteration, damage, or unauthorized access.