Version: PP-2023-G
Effective Date: September 1, 2023
data controller
legal entity: LUXE COMPANION SARL
Registered address: 12 Rue du Privacy, 75008 Paris, France
data protection officer(DPO):Émilie Rousseau PhD
Contact person:dpo@luxecompanion.fr (PGP Key ID: 0x8D9A2F1B)
data collection matrix
1. Essential Data
| Data Type | Purpose | Legal Basis | Retention Period |
|---|---|---|---|
| Delivery Address | Contract Fulfillment | GDPR Art.6(1)(b) | 90 days post-order |
| Email Address | Order Confirmation | GDPR Art.6(1)(b) | 30 days post-order |
2. Optional Data
| Data Type | Purpose | Withdrawal Method |
|---|---|---|
| Body Measurements | Product Customization | Account Settings → 3D Data Erasure |
| Payment Card Expiry | Recurring Subscriptions | Contact Support → Instant Disable |
security infrastructure
1. Technical support
Storage: AES-256 Encryption on OVH SAS France Servers (ISO 27001 Certified)
Transfers: TLS 1.3 Enforcement with HSTS Preloading
Physical Security: Biometric Access + 24/7 CCTV (Secure Undisclosed Location)
2. organizational measures
Training: Mandatory 8-Hour Annual Cybersecurity Program
Access Control: Role-Based Privileges (RBAC Model)
Testing: Quarterly Penetration Testing (Report PT-2023Q3)
Data subject rights
1. Permission directory
[✅] Access Right: Obtain Data Copy (JSON/PDF)
[✅] Rectification: Real-Time Parameter Editing
[✅] Erasure: Irreversible Quantum-Level Deletion (GDPR Art.17)
[✅] Objection: Opt-Out of Profiling
[✅] Portability: Competitor Migration API
2.Exercise channels
Portal: https://my.luxecompanion.fr/privacy
Secure Email: privacy@luxecompanion.fr (PGP Required)
Application by post: Registered letter addressed to DPO (identity verification required)
data sharing framework
1. Operating partners
1. Operating partners
| Recipient | Shared Data | Protections |
|---|---|---|
| DHL France | Geohashed Address | 1km Geolocation Obfuscation |
| Stripe | Transaction Amount | PCI-DSS Tokenization |
2. advertising ecosystem
▶ Google Ads: Sensitive Category Exclusion:
Medical Terminology
▶ Meta Pixel: Aggregated Event Measurement (AEM)
Sexual Orientation
cross-border transfer
For Non-EEA Deliveries:
Absolutely prohibited:
🚫China 🚫Russia 🚫United States (post-Privacy Shield Framework).
All Processing Confined to European Economic Area
UK/CH Transfers Covered by Adequacy Decisions
Minor Protection Protocol
Age Verification: Facial Recognition + ID Scan Pre-Checkout
Exception handling: Minor detection trigger →
(1) Account suspension
(2) Immediate data removal
(3) CNIL notification (reference: JUV-2023)
Strategy evolution
Historical Archive: https://luxecompanion.fr/privacy/archive
Notifications: In-App Alert + PGP-Encrypted Email
Version Objection: 7-Day Rollback Right
dispute resolution
Step 1: DPO-mediated consultation (response within 15 working days)
Step 2: CNIL complaint (Form F01-2023)
Step 3: Exclusive jurisdiction: Paris Commercial Court
Changes to this Privacy Policy
Implementation Instructions:
Cookie Compliance:
Layer 1: Strictly Essential Cookies (Default)
Layer 2: Granular Advertising/Tracking Toggles
2.VIP Services:
→ Personalized 3D data visualization dashboard
→ Dedicated privacy concierge (24/7 signal encryption support)
Compliance Audits: Semi-Annual Reviews by CNIL-Certified Auditors
This policy uses XMSS post-quantum cryptographic signatures for tamper-proof verification.
We may update our Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page.
You are advised to review this Privacy Policy periodically for any changes. Changes to this Privacy Policy are effective when they are posted on this page.
Contact Us
If you have any questions about this Privacy Policy, please contact us.