Privacy Policy

1. Introduction

Enjoy Paris ("we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our loyalty program platform.

2. Data Controller

3. Legal Basis for Processing

We process your personal data based on the following legal grounds under GDPR:

• Legitimate Interest (Article 6(1)(f)): Operating our platform and providing services
• Contract (Article 6(1)(b)): Fulfilling our Terms of Service
• Consent (Article 6(1)(a)): Marketing communications (where applicable)
• Legal Obligation (Article 6(1)(c)): Compliance with applicable laws

4. Information We Collect

4.1 Information You Provide

For Airbnb Hosts:

• Name and contact information
• Airbnb listing details and photos
• Property location and description
• Account credentials (encrypted)

For Guests (Wallet Pass Users):

• Name (as provided by host for pass creation)
• Pass usage data (which perks are redeemed)
• Check-in history at partner businesses

4.2 Information Automatically Collected

• Technical Data: IP address, browser type, device information
• Usage Data: Pages visited, features used, time spent on platform
• Wallet Pass Data: Pass creation, updates, and usage analytics

4.3 Information from Third Parties

• Partner Businesses: Redemption confirmations and usage data
• Apple/Google: Wallet pass delivery and update confirmations (anonymized)

5. How We Use Your Information

5.1 Service Provision

• Creating and managing digital wallet passes
• Facilitating perk redemptions at partner businesses
• Providing customer support and technical assistance
• Processing member tier progression and rewards

5.2 Platform Improvement

• Analyzing usage patterns to improve user experience
• Developing new features and partnerships
• Ensuring platform security and preventing fraud

5.3 Business Operations

• Managing partnerships with local businesses
• Providing aggregated analytics to partners (anonymized)
• Complying with legal requirements and regulations

6. Data Sharing and Disclosure

6.1 Partner Businesses

We share limited information with partner businesses to facilitate perk redemptions:

• Guest name (for verification purposes only)
• Pass validity status
• Specific perk being redeemed

6.2 Service Providers

We use trusted third-party service providers for:

• Cloud hosting and data storage (EU-based servers)
• Email communications
• Analytics and performance monitoring
• Payment processing (future feature)

6.3 Legal Requirements

We may disclose personal data when required by law or to:

• Comply with legal processes and government requests
• Protect our rights, property, or safety
• Investigate fraud or security issues

6.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal data may be transferred as part of the transaction, subject to the same privacy protections.

7. International Data Transfers

Your personal data is primarily stored and processed within the European Union. Any transfers outside the EU are protected by:

• EU-US Privacy Shield certification (where applicable)
• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions by the European Commission

8. Data Retention

We retain personal data only as long as necessary for the purposes outlined in this policy:

• Host Account Data: For the duration of your account plus 3 years
• Guest Pass Data: For 2 years after pass expiry
• Usage Analytics: Anonymized data retained indefinitely for platform improvement
• Legal Records: As required by applicable law

9. Data Security

We implement comprehensive security measures to protect your personal data:

9.1 Technical Safeguards

• End-to-end encryption for data transmission
• Advanced encryption standard (AES-256) for data storage
• Regular security audits and vulnerability assessments
• Multi-factor authentication for staff access

9.2 Organizational Measures

• Limited access to personal data on a need-to-know basis
• Regular staff training on data protection
• Data breach response procedures
• Privacy by design principles in system development

10. Your Rights Under GDPR

As a data subject in the EU, you have the following rights:

10.1 Right to Information and Access (Articles 13, 14, 15)

You have the right to know what personal data we process and obtain a copy of it.

10.2 Right to Rectification (Article 16)

You can request correction of inaccurate or incomplete personal data.

10.3 Right to Erasure ("Right to be Forgotten") (Article 17)

You can request deletion of your personal data under certain circumstances.

10.4 Right to Restrict Processing (Article 18)

You can request limitation of how we process your personal data.

10.5 Right to Data Portability (Article 20)

You can request a copy of your data in a machine-readable format.

10.6 Right to Object (Article 21)

You can object to processing based on legitimate interests or for marketing purposes.

10.7 Right to Withdraw Consent (Article 7(3))

Where processing is based on consent, you can withdraw it at any time.

10.8 Right to Lodge a Complaint

You can file a complaint with the French Data Protection Authority (CNIL) or your local supervisory authority.

11. Exercising Your Rights

To exercise any of your rights, contact us at:

We will respond to your request within 30 days and may request verification of your identity.

12. Cookies and Tracking

12.1 Essential Cookies

We use essential cookies for:

• Authentication and session management
• Security features
• Basic functionality and navigation

12.2 Analytics Cookies

With your consent, we use analytics cookies to understand how you use our platform and improve our services. You can opt out at any time through your browser settings or our cookie preferences center.

13. Children's Privacy

Our service is not intended for users under 18 years old. We do not knowingly collect personal data from children under 18. If you become aware that a child has provided us with personal data, please contact us immediately.

14. Data Breach Notification

In the event of a personal data breach, we will:

• Notify the relevant supervisory authority within 72 hours
• Inform affected individuals if there is high risk to their rights and freedoms
• Document the breach and our response measures
• Take immediate steps to mitigate the breach

15. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices or applicable laws. We will notify you of material changes via email or through our platform.

16. Contact Information

For any privacy-related questions or concerns: