The Collection Paris . Club exclusif de collectionneur automobile

PRIVACY POLICY

The club "THE COLLECTION PARIS" (hereinafter referred to as " the Club") aims to bring together collectors of luxury and classic vehicles within a club dedicated to the art of automotive lifestyle, offering members the opportunity to access a number of activities (quarterly meetings, event evenings, rallies, etc.) and, for those who wish, subject to the availability of spaces, to park their vehicle(s) within a secure area located on level -4 of the underground public parking located at 28, Place Vendôme in PARIS (75001) (hereinafter referred to as "the Private Gallery").

The Club is managed by the company THE COLLECTION VENDÔME (hereinafter referred to as "TCV" or " We"), a simplified joint-stock company with a capital of €375,001.23 registered with the PARIS Trade and Companies Register under number 898 104 518 whose registered office is at 48, rue Lecourbe -- 75015 PARIS.

TCV, in its capacity as data controller within the meaning of the regulations in force regarding the protection of personal data, attaches great importance to the protection and respect of your privacy.

This privacy policy (as well as our General Terms of Service or any other document referred to therein) aims to inform you, in accordance with Regulation (EU) No. 2016-679 of April 27, 2016, on the protection of individuals with regard to the processing of personal data and on the free movement of such data (hereinafter the "GDPR"), of our practices regarding the collection, use, and sharing of the information you provide to us through our website www.thecollectionparis.com (hereinafter "the Site"), and/or your membership in the Club and when you benefit from our services (access to the Private Gallery, participation in our events or meetings, etc.) (hereinafter "the Services").

This document aims to inform you about the categories of personal data that we collect about you, how we use them, with whom we share them, how we protect them, and the rights you have over your personal data in accordance with the applicable regulations.

1. The Data We Collect

We may collect and process your personal data (hereinafter referred to as "the Data") in different contexts.

When you join the Club, we collect the following Data (including, in particular, the membership form):

Your title;
Your last name and first name,
Your date and place of birth;
Your phone number;
Your email address;
Information about your profession or your company;
Information about your vehicle(s) (make, model, year);
Other information requested during your membership (ID, company registration certificate, vehicle registration documents, insurance certificates);
The amount of your Club membership fees and other financial information;
Information about your sponsor (name, first name, address, phone number, email address), which you provide to us with their consent.

Furthermore, by using or browsing the Site, you may provide us with information, some of which may identify you and therefore constitutes personal data within the meaning of the GDPR. These Data include, in particular, the following:

Data related to navigation, which we collect during your navigation on the Site such as the date, time of connection and/or navigation, type of browser, browser language, or your IP address.
Your email address, your name, and your phone number in order to respond to your request via the contact form.

When collecting Data, you will be informed if certain Data must be provided mandatorily or if they are optional, in accordance with the applicable regulations.

2. Purposes and legal bases of processing

We use your Data for the purposes listed below, and according to the following legal bases:

Purposes	Legal basis
Management of your membership in the Club	Performance of a contract residing in the acceptance of our General Terms of Service (art. 6.1.b) of the GDPR)
Management of our events	Performance of a contract residing in the acceptance of our General Terms of Service (art. 6.1.b) of the GDPR)
Sending information messages related to our Services	Performance of a contract residing in the acceptance of our General Terms of Service (art. 6.1.b) of the GDPR)
Management of the commercial relationship (billing, accounting, etc.)	Performance of a contract residing in the acceptance of our General Terms of Service (art. 6.1.b) of the GDPR)
Sending newsletters and marketing or advertising messages or content.	Consent (art. 6.1.a) of the GDPR)
Responding to your information requests on the Site	Consent (art. 6.1.a) of the GDPR)
Improvement and optimization of our Services	Legitimate interests of TCV (art. 6.1.f) of the GDPR)
Management of our Site; carrying out internal technical operations in the context of troubleshooting, testing, research, analysis, studies, surveys	Legitimate interests of TCV (art. 6.1.f) of the GDPR)
Management of the video surveillance system deployed within the Private Gallery to ensure the safety of people and vehicles, as a deterrent, or to identify perpetrators of theft or assaults.	Legitimate interests of TCV (art. 6.1.f) of the GDPR)

When the processing of your Data is based on consent, you can withdraw it at any time.

TCV may also be required to process your Data in response to a judicial request (search warrant, court order, or other) or to comply with legal, regulatory, judicial, or administrative obligations.

Finally, TCV may process your Data to detect or prevent fraudulent activities or security breaches of its Services, in accordance with and in compliance with legal and regulatory provisions, or to analyze reports of members who have engaged in behavior contrary to our General Terms of Service or Internal Regulations.

3. Recipients of your data

The Data we collect, as well as those collected subsequently, are intended for us as the data controller.

In this regard, we ensure that only authorized persons can access this Data.

3.1. Data transferred to authorities and/or public bodies

In accordance with the regulations in force, the Data may be transmitted to the competent authorities upon request and in particular to public bodies, judicial officers, ministerial officers, organizations responsible for debt collection, exclusively to meet legal obligations, as well as in the case of the search for the perpetrators of offenses committed on the internet.

3.2. Data transferred to third parties

We maintain close collaborations with third-party companies that may have access to your Data, including:

Our technical service providers (subcontractors) whom we use to operate and improve our Services, particularly regarding Data hosting, studies, analyses and statistics, use of the Site and/or the proper functioning of the Site and providing necessary assistance to its users.
Our business partners for our member events and experiences, namely the transmission of relevant information for booking spaces such as restaurants and hotels. The information transmitted is only of a nominative nature, namely first and last name.

We only transmit to these third parties the Data they need to perform their services, and we require that they do not use your Data for other purposes.

When these third parties are processors within the meaning of the applicable regulations, they only act in accordance with our instructions and are contractually bound to ensure a level of security and confidentiality of your Data identical to that which we guarantee you and this, in accordance with the GDPR.

4. Retention periods

Your Data will not be retained beyond the period strictly necessary for the purposes pursued as set out in this privacy policy, and in accordance with the GDPR.

In this regard, your Data is retained:

For the entire duration of your membership in our Club;
For a period of one month concerning our video surveillance system;
For the legal duration of 13 months for cookies and other tracking technologies that we use to optimize the use of our Site.

Regarding the sending of our commercial communications, we retain your Data until you withdraw your consent or, failing that, for 3 years from the collection of your Data or the last contact from you.

Your Data is deleted from our active databases when their retention periods expire. However, your Data may be archived beyond the specified periods for the duration of the applicable legal prescriptions or for the needs of research, the establishment, and prosecution of criminal offenses solely for the purpose of making your Data available to the judicial authority if necessary.

Archiving implies that your Data will no longer be available online but will be extracted and stored on an independent and secure medium.

5. Transfer of your data abroad

In principle and as a general rule, we do not transfer data abroad.

However, to the extent that some of TCV's technical service providers are located in countries outside the European Union, we are committed to making this transfer securely and in accordance with applicable regulatory provisions:

When we transfer your Data outside the European Union, we will always do so in a secure and legal manner:

Either by transferring the Data to a recipient located in a country that has been the subject of an adequacy decision by the European Commission certifying that it provides an adequate level of protection;
Or by executing or having executed the European standard contractual clauses that have been approved by the European Commission as ensuring an adequate level of protection of your Data;
Or by using any appropriate safeguards referred to in Article 46 of the GDPR.

Below are our technical providers and information:

The site is hosted by: Vercel Inc, whose registered office is located at 340 S Lemon Ave #4133 Walnut, CA 91789, and can be contacted by email at the following address: privacy@vercel.com, hereinafter "the Host". Their European DPO can be contacted via this form:https://edpo.com/fr/gdpr-data-request/ or by writing to EDPO, Avenue Huart Hamoir 71, 1030 Brussels, Belgium.

Vercel is certified under the EU-U.S. Data Privacy Framework. Vercel is therefore considered to provide adequate protection for personal data transferred outside the European Union, the United Kingdom, and Switzerland.

MongoDB is used as the database provider for the site and its services. MongoDB Inc. has appointed a Data Protection Officer (DPO) responsible for overseeing questions related to their privacy policy, including any request to exercise legal rights. You can contact their DPO at the following address:privacy@mongodb.com.

MongoDB Inc. has self-certified to comply with the EU-U.S. Data Privacy Framework ("EU-U.S. DPF"), the UK Extension to the EU-U.S. DPF, and the Swiss-U.S. Data Privacy Framework (collectively referred to as the "DPF Principles").

In the event of any conflict between the terms of their Data Privacy Framework statement and the DPF Principles, the latter shall prevail.

6. Securing your Data

We attach great importance to the protection, integrity, and confidentiality of your Data. Therefore, we take appropriate technical and organizational measures to prevent unauthorized access or modification, disclosure, loss, or destruction of your Data. However, despite our efforts, no security measure can prevent all risks of misuse or hacking, for which we cannot be held responsible.

7. Your rights over your Data

In accordance with the regulations in force, you have a number of rights relating to your Data, namely:

A right of access to your Data: you have the right to obtain (i) confirmation that Data concerning you is being processed by TCV and, if so, (ii) access to this Data and obtain a copy of it.
A right to rectification: you have the right to obtain the rectification of inaccurate Data concerning you. You also have the right to complete incomplete Data by providing an additional statement. In the event of exercising this right, we undertake to communicate any rectification to all recipients of your Data.
A right to erasure: in certain cases, you have the right to obtain the erasure of your Data. However, this is not an absolute right and we may, for legal or legitimate reasons, retain this Data.
A right to restriction of processing: in certain cases, you have the right to obtain the restriction of processing of your Data.
A right to data portability: you have the right to receive your Data that you have provided to us, in a structured, commonly used, and machine-readable format, for your personal use or to transmit them to a third party of your choice. This right only applies when the processing of your Data is based on your consent, on a contract, or when this processing is carried out by automated means.
A right to object to processing: you have the right to object at any time to the processing of your Data for processing based on our legitimate interest, and those for commercial prospecting purposes. In the case of direct communication, this right can be exercised by any means, including by clicking on the unsubscribe links at the bottom of the communications sent.
The right to withdraw your consent at any time: you can withdraw your consent to the processing of your Data when the processing is based on your consent. Withdrawal of consent does not compromise the lawfulness of the processing based on consent carried out before this withdrawal.
The right to lodge a complaint with the CNIL: you have the right to contact the CNIL to complain about our personal data protection practices.
The right to give instructions regarding the fate of your data after your death: you have the right to give us instructions regarding the use of your Data after your death.

To exercise these rights, you can contact us at the following address:contact@thecollectionparis.com or by postal mail at the address of the company THE COLLECTION VENDOME, 48, rue Lecourbe -- 75015 PARIS.

Note that we may require proof of your identity to exercise these rights, if we have reasonable doubt about your identity.

8. Modification of our privacy policy

We may occasionally modify this policy, in particular to comply with any regulatory, jurisprudential, editorial, or technical developments. In such cases, we will change the "last updated" date and indicate the date on which the changes were made. When necessary, we will inform you and/or seek your consent. We advise you to regularly consult this page to be aware of any changes or updates made to our policy.

9. GDPR and Data Protection Compliance / iOS Application / The Collection Paris

The Collection Paris, iOS Application, operated byTHE COLLECTION GROUP (hereinafter referred to as "The Developer"), follows and hereby commits to full compliance with the General Data Protection Regulation (GDPR) and all applicable privacy and data protection laws relevant to the processing of sensitive personal and financial data within the European Economic Area (EEA). This includes, without limitation, adherence to:

The security standards published byPCI DSS and EMVCo(particularly those supportingIn-store NFC Payments); and
All other applicable privacy and security regulations governing the HCE Application and its related back-end infrastructure.

The Developer further commits to:

1. Maintain appropriate written policies and procedures for:

The lawful and transparent processing of personal data, including, but not limited to: establishing proper legal grounds for processing, obtaining valid consent where required, and upholding data subject rights such as access, rectification, erasure, and data portability;
The controlled disclosure of personal data to third parties, ensuring such disclosures are governed by enforceable agreements and subject to adequate safeguards as required under GDPR (e.g., Standard Contractual Clauses or adequacy decisions).

2. Implement and maintain documented procedures for:

The timely identification, assessment, and remediation of security vulnerabilities in both the HCE Application and the supporting HCE back-end infrastructure;
The prompt, and without undue delay, notification to Apple of any:
- Actively exploited vulnerability related to the HCE Application or back-end systems; or
- Security incident involving unauthorized access, disclosure, alteration, or destruction of sensitive personal or financial data.

Additionally, The Developer shall ensure that data protection by design and by default is incorporated into the development and ongoing operation of the HCE Application. Appropriate technical and organizational measures shall be in place to safeguard personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access.

10. Contact

For any questions regarding this policy or any request regarding your Data, you can contact us by:

Sending an email to the following address:contact@thecollectionparis.com
Sending a letter to the following address: THE COLLECTION VENDOME, 48, rue Lecourbe -- 75015 PARIS.

How do we protect your personal data?

We implement all the technical and organizational means required to ensure the security of your personal data on a daily basis and, in particular, to combat any risk of destruction, loss, alteration, or disclosure.

Do we use cookies when you browse our website?

We inform you that we use cookies when you browse our website. For more information, we invite you to consult our Cookie Policy.

Who can you contact for more information on the use of your personal data?

To best ensure the protection and integrity of your data, we have officially appointed a Data Protection Officer (“DPO”) with our supervisory authority. You can contact our DPO at any time and free of charge at the following address:contact@thecollectionparis.com to obtain more information or details on how we process your data

How can you contact the CNIL?

You can contact the "Commission nationale de l'informatique et des libertés" or "CNIL" at any time at the following contact details: CNIL Complaints Department, 3 place de Fontenoy – TSA 80751, 75334 Paris Cedex 07 or by phone at 01.53.73.22.22.

Can the Privacy Policy be modified?

We may modify our Privacy Policy at any time to adapt to new legal requirements as well as new processing that we may implement in the future.

Version updated on March 1^st, 2025.