Privacy Policy
Kiss Me in Paris SARL
Last updated: 03 April 2026
1. Who we are
Kiss Me in Paris SARL (“we”, “us”, “our”) is the data controller for personal data collected through kissinparis.com and through the contact channels described in Section 2.
Legal entity: Kiss Me in Paris SARL
Registered address: 78 Avenue Raymond Poincaré, 75016 Paris, France
SIREN: 813 919 156
Contact for privacy matters: privacy@kissinparis.com
2. Data we collect
We collect personal data in four ways:
Enquiries and bookings
Name, email address, phone number, event details, travel dates, and any other information you include in your message or booking.
Payments
Payment card details are processed directly by Stripe. We do not store card numbers or security codes.
Website use
IP address, browser type, pages visited, and general device information, collected automatically via Google Analytics 4, Meta Pixel, and Cloudflare.
Communications
Records of email or other correspondence between us.
If you choose not to provide the personal data we need to prepare or carry out your booking, we may not be able to deliver the services you request.
3. Why we process your data
The table below shows each purpose and its lawful basis under GDPR Article 6.
| Purpose | Lawful basis |
|---|---|
| Responding to enquiries | Contract performance (Art. 6(1)(b)) / Legitimate interest (Art. 6(1)(f)) — running our business and replying to potential clients. |
| Managing bookings and event logistics | Contract performance (Art. 6(1)(b)) |
| Processing payments via Stripe | Contract performance (Art. 6(1)(b)) |
| Website security and performance (Cloudflare) | Legitimate interest (Art. 6(1)(f)) — keeping our site reliable and secure. |
| Analytics — Google Analytics 4 | Consent (Art. 6(1)(a)) — measuring how our site is used. |
| Advertising and measurement — Meta Pixel | Consent (Art. 6(1)(a)) — measuring and improving our advertising. |
| Compliance with French accounting and tax law | Legal obligation (Art. 6(1)(c)) |
We do not make automated decisions about you that produce legal or similarly significant effects.
4. How long we keep your data
| Category | Retention period |
|---|---|
| Enquiry and contact records (no booking) | 3 years from last contact |
| Client booking and event records | 10 years from the end of the financial year in which the event took place (French accounting requirements — Code de commerce Art. L. 123-22) |
| Analytics data | 14 months (Google Analytics 4 retention setting) |
| Payment records | 10 years, in line with French accounting and tax requirements |
5. Third-party processors
These providers process personal data on our behalf; each is bound by a Data Processing Agreement or equivalent instrument.
| Provider | Service | Location | Transfer mechanism1 |
|---|---|---|---|
| Liquid Web, LLC | Website hosting — dedicated server | Michigan, USA | EU Standard Contractual Clauses |
| Cloudflare, Inc. | CDN and DDoS protection | USA (global network) | EU Standard Contractual Clauses |
| Google LLC | Analytics — Google Analytics 4 | USA | DPF / EU SCCs |
| Stripe, Inc. | Payment processing | USA | DPF / EU SCCs |
| Meta Platforms, Inc. | Advertising and measurement — Meta Pixel | USA | EU Standard Contractual Clauses |
Where a US provider participates in the EU–US Data Privacy Framework (DPF), we rely on that adequacy mechanism. Otherwise, we use Standard Contractual Clauses or another lawful transfer basis under GDPR Article 46.
We also use Google Search Console (aggregated data only) and Contact Form 7 for form processing (handled on our server). We do not operate a CRM, email marketing platform, or mailing list, and we do not sell or share visitor data for commercial purposes.
6. International transfers
Our website is hosted in the United States. When personal data is transferred from the EU/EEA to the US, it is protected by the mechanisms described in Section 5 — the EU–US Data Privacy Framework, where the specific provider is certified, or EU Standard Contractual Clauses and, where required, appropriate supplementary measures. We assess international transfers and apply safeguards in line with GDPR requirements.
7. How we protect your data
We take appropriate technical and organisational measures to protect personal data, including:
- Limiting access to personal data to staff and suppliers who need it to perform their role
- Using strong passwords and, where available, multi-factor authentication for key tools
- Encrypting data in transit using HTTPS/TLS
- Using reputable providers for hosting, analytics, and payments, each under a written data protection agreement
- Regularly updating software and applying security patches
- Maintaining backups of key business data
No online system can be 100% secure, but we work to keep risks proportionate to the size and nature of our business.
8. Your rights
Under GDPR, you have the right to:
- Access the personal data we hold about you
- Correct inaccurate or incomplete data
- Request erasure of your data (“right to be forgotten”), in certain circumstances
- Restrict or object to processing, in certain circumstances
- Receive your data in a portable format
- Withdraw consent at any time where processing is based on consent (this does not affect past processing)
You may also define instructions on the retention, deletion, and communication of your personal data after your death, in accordance with French law (loi Informatique et Libertés, Art. 85).
To exercise any of these rights, contact privacy@kissinparis.com. We will respond within one month and may extend this by up to two further months for complex or numerous requests; if we do, we will tell you why within the first month.
You also have the right to lodge a complaint with the French data protection authority: Commission Nationale de l’Informatique et des Libertés (CNIL) — www.cnil.fr
9. Cookies10. Changes to this policy
We use cookies for website functionality, security, analytics, and advertising.
- Strictly necessary cookies run without consent.
- Analytics and advertising cookies (including Google Analytics 4 and Meta Pixel) require your consent, which you can give or withdraw via the consent banner shown on your first visit. Refusing consent must be as easy as accepting, and your choice is remembered for a defined period.
A full list of cookies and their purposes is set out in our Cookie Policy.
10. Changes to this policy
We update this policy when our practices change. The current version is always available at kissinparis.com/privacy-policy; the date at the top shows when it was last revised.
11. Changes to this policy
Kiss Me in Paris SARL
78 Avenue Raymond Poincaré, 75016 Paris, France