NATIVE SPACES PRIVACY NOTICE AND POLICY
Last updated: 24 January 2023
Native Spaces (Native Consulting) ID: 83459871
A. Privacy notice
A. PRIVACY NOTICE
Who we are?
Native Spaces (Native Consulting) ID:83459871 with address 15 Avenue Georges Clemenceau, Nice 06000, France is an online marketplace where event organisers can discover and book unique spaces, as well as carefully selected event suppliers.
Contact details with Native Spaces (Native Consulting)
Address: 15 Avenue Georges Clemenceau, Nice 06000, France
Manager: Tanya Bencheva
Internet site: www.native-spaces.com
Contact details with Data Protection Officer (Response person for GDPR)
Name: Tanya Bencheva
Your personal data that we process are: Personal data category: - Names - E-mail - Telephone - Profile picture
We declare that the personal data we collect will only be used for the following purposes:
- Login / authentication
- Ability to transact on the platform with other participants
- Communications on transactions and requests – notifications for activity on the platform, e.g. status of your space application, status of your requests, messages received from other platform users
- Marketing: sending communications for relevant offers (only provided you have agreed to receive marketing communications)
The basis that entitles us to process your data is:
- Agreement – The T&C for using the site constitute a legal contract
- Customer consent – when ticking / agreeing with the terms and conditions
The following organizations / individuals will receive your personal data:
- Personal data is not disclosed outside of the organization, unless you (the customer) consent to be put in touch with a provider or an event service
- The information that you (the customer) disclose via our messaging system to other parties and users of the Native Spaces website (providers of spaces and services, event organizers), be it personal or not, is entirely in the client’s own discretion and Native Spaces does not take any responsibility for the use of such data by those third parties / users.
By agreeing to accept this Privacy Notice, you authorize us to process your personal information only for the purposes we specify.
In cases where we want consensus on special (sensitive) personal data, we will always be motivated why and how this information will be used. You can withdraw your consent at any time
Data storage period:
Native Spaces (Native Consulting) will store your personal data for no more than 5 years after you deactivate or delete your user profile.
Your rights as a data subject are as follows:
At any time while we store or process your personal data, you have the following rights:
- you have the right to request a copy of your personal data Native Spaces (Native Consulting) and the right of access at any time to your personal data;
- you have the right to request your personal data in a form convenient to transfer to another personal data administrator from Native Spaces (Native Consulting) or to ask us to do so without being hindered by ourselves;
- you have the right to ask Native Spaces (Native Consulting) to correct without undue delay your inaccurate personal data as well as the data that is not up to date;
- you have the right to request from Native Spaces (Native Consulting) that your personal data be deleted without undue delay in any of the following circumstances: personal data are no longer needed for the purposes for which they were collected; when you have withdrawn your consent; when you have objected to the processing, when processing is unlawful; where personal data must be erased in order to comply with a legal obligation under EU law or the law of a Member State that applies to us as a data controller; when personal data have been gathered in connection with the provision of information society services.
We may refuse to delete your personal information for the following reasons:
- in the exercise of the right to freedom of expression and the right to information;
- to comply with a legal obligation on our part or to carry out a task in the public interest,
- in the exercise of the official powers granted to us (in case you are a body of authority);
- for reasons of public interest in the field of public health;
- for purposes of archiving in the public interest, for scientific or historical research or for statistical purposes, in so far as deletion is likely to render impossible or seriously obstructing the achievement of the purposes of such processing; or for the establishment, exercise or protection of legal claims.
You have the right to request from Native Spaces (Native Consulting) to restrict the processing of your personal data, in which case the data will only be stored but not processed. Our refusal to restrict will be explicit only in writing, and we are obliged to motivate it for the legitimate reason;
- You have the right to withdraw your consent to the processing of your personal data at any time with a separate request addressed to the administrator;
- You have the right to object to certain types of processing, such as direct marketing (unsolicited advertising messages);
- You have the right to object to automated processing, including profiling;
- You have the right not to be the subject of a decision based solely on automated processing including profiling;
- If we need to use your personal data for a new purpose not covered by this data protection statement, we will provide you with a new data protection skill and when and where necessary we will require your prior consent for the new processing. All the above requests will be forwarded if there is a third party (recipients, including outside the EU and international organizations) in the processing of your personal data.
You have the right to complaint to the supervisory authority
In case you wish to file a complaint about the processing of your personal data through Native Spaces (Native Consulting) (recipients, including outside the EU and international organizations), you can do so by contacting Native Spaces (Native Consulting) or directly the Data Protection Officer (the contact details listed above).
At Native Spaces, we treat protecting your personal data as a priority.
When you use the native-spaces.com platform (the ‘Platform’), we may collect your personal data. The purpose of this policy is to inform you about how we process such data in accordance with EU Regulation 2016/679 of 27 April 2016 on the protection of individuals with regard to the processing personal data and on the free movement of such data (the ‘GDPR’).
1. Who is the controller?
The data controller is Native Consulting (Native Spaces), a société par actions simplifiée [simplified joint stock company] (SAS), registered with the Nice Trade and Companies Register under number 834 598 716 and whose registered office is located at 15 avenue Georges Clémenceau, 06000 Nice (‘Us/We’).
2. What data do we collect?
Personal data is data that makes it possible to identify an individual either directly or by cross-referencing other data. We collect data in the following categories:
- Identification data (surname, first name, email address, telephone number, profile picture);
- Data on your transactions and requests (notifications of activity on the Platform, the status of your booking request, messages received from other users);
- Login data (login data, encrypted passwords) ;
- Browsing data (IP address, pages visited, date and time of logging in, browser used, operating system, user ID, IFA);
- Business and financial data (bank details, credit card details);
- Any information you wish to provide us as part of your contact request.
When you provide us with your data, mandatory data will be indicated by an asterisk and is necessary for us to provide our services.
If you choose to sign in using a third-party authentication service (such as Google or Facebook), some data such as your name and email address may be recovered from this service. By choosing this option, you agree that this service may provide us with such data.
3. What are the objectives, on what legal grounds and for how long do we store your data?
|Objectives||Legal grounds||Archiving period|
|To provide our services that are available on our Platform (booking accommodation for events) via your account||To perform any pre-contractual measures taken at your request and/or fulfilling the agreement that you or your company have entered into with Us||After you have created your account: your data will be held for the entire time you maintain your account open. Your login data is held for one year. If the account remains inactive for 3 years, your personal data will be deleted if you fail to reply to our reactivation email. In addition, your data may be archived for evidential purposes for a 5-year period.|
|To fulfil your order, perform operations relating to managing our customers with respect to agreements, orders, invoices and monitoring the contractual relationship with our customers.||To perform the agreement that you or your company have entered into with Us.||Personal Data is stored for the entire duration of the contractual relationship. In addition, your data (with the exception of your bank details) is archived for evidential purposes for a 5-year period. Your credit/debit card details are held by Stripe, our payment service provider. Your visual cryptogram or CVV2 on your credit/debit card are not saved.|
|To improve our services||We have a legitimate interest to improve our services||Personal Data is stored for the entire duration of the contractual relationship. Recordings of telephone calls: For 6 months after they are collected. Content analysis documents for telephone calls: Up to one year after they are collected.|
|To create a file of customers and prospective customers||We have a legitimate interest to develop and promote our business||For customers: personal data is stored for the entire duration of the contractual relationship. For prospective customers: data is kept for 3 years from the last contact with you, for marketing purposes.|
|Sending newsletters, promotional messages and solicitations||For customers: we have a legitimate interest to build customer loyalty and inform customers of our latest news. For prospective customers: your consent.||The data is kept for 3 years from your last contact with us or until your consent is withdrawn.|
|Answering your information requests.||We have a legitimate interest to respond to your requests.||The data is held for the time needed to process your information request and is deleted once the information request is closed.|
|To comply with the legal obligations applicable to our business.||To comply with our statutory obligations.||For invoices: invoices are archived for 10 years. Data relating to your transactions (with the exception of bank details) are stored for 5 years.|
|To prepare statistics on browsing and visitor traffic to the site.||Your consent.||The data is kept for 25 months.|
|To manage requests to exercise rights.||We have a legitimate interest to respond to your requests and keep track of them.||If we ask you for a proof of identity: we only keep this data for the time needed to check your identity. Once we have completed the check, the proof of identity is deleted. If you exercise to your right to object to receive marketing information: we keep this information for 3 years.|
4. Who receives your data?
Your personal data can be accessed by:
(i) Our staff;
(ii) Our processors and subcontractors: hosting service provider, newsletter sending service provider, audience measurement and analysis service provider, e-mail service provider, secure payment service provider, accounting service provider;
(iii) Where applicable: public and private bodies, exclusively to meet our legal obligations.
5. Is your data likely to be transferred outside of the European Union?
Your data is stored and archived for the entire duration of the processing on the servers of Vultr, a company located in the European Union. As part of the tools we use (see article on recipients including our subcontractors), your data may be transferred outside the European Union. In this context, your data is secured by means of the following tools:
• either the data is transferred to a country which has been subject to a European Commission adequacy decision in accordance with Article 45 of the GDPR: in this case, this country provides a level of protection deemed sufficient and adequate for the GDPR provisions;
• or the data is transferred to a country whose level of data protection has not been recognised as being adequate for the purposes of the GDPR: in such cases, these transfers are based on appropriate safeguards mentioned in Article 46 of the GDPR, adapted to each service provider, including but not limited to concluding standard contractual clauses approved by the European Commission, applying binding corporate rules or under an approved certification mechanism.
• or the data is transferred based on one of the appropriate safeguards described in Chapter 5 of the GDPR.
6. What are your rights over your data?
You have the following rights with respect to your personal data.
Right to information: this is precisely why we have drawn up this policy. This right is provided for in Articles 13 and 14 of the GDPR.
Right of access: you have the right to access all your personal data at any time, in accordance with Article 15 of the GDPR.
Right of rectification: you have the right to rectify your inaccurate, incomplete or outdated personal data at any time in accordance with Article 16 of the GDPR
Right to restriction of processing: you have the right to obtain restriction of processing of your personal data in certain cases defined in Article 18 of the GDPR.
Right to erasure: you have the right to request that your personal data be erased, and prohibit any future collection of your personal data on the grounds set out in Article 17 of the GDPR.
Right to lodge a complaint with a competent supervisory authority (in France, the CNIL), if you consider that processing of your personal data constitutes a breach of the applicable texts, in accordance with Article 77 of the GDPR.
Right to issue instructions about storing, deleting and disclosing your Personal Data after your death.
Right to withdraw your consent at any time: for processing based on consent, Article 7 of the GDPR states that you can withdraw your consent at any time. This withdrawal will not affect the lawfulness of the processing carried out before the withdrawal.
Right to data portability: under certain conditions specified in Article 20 of the GDPR, you have the right to receive the personal data you have provided to us in a standard machine-readable format and ask that it be transferred to the recipient of your choice.
Right to object: under Article 21 of the GDPR, you have the right to object to your personal data being processed. Please note however, that we may continue to process your data despite this objection for legitimate reasons or to defend legal rights in court.
You can exercise these rights by writing to us at the contact details provided below. We may ask you to provide additional information or documents to check your identity.
7. What cookies do we use?
8. Contact point to exercise your rights
Contact email: firstname.lastname@example.org
Contact address: 15 Avenue Georges Clémenceau, 06000 Nice