Private Policy

Privacy Policy and Personal Data Protection

This document outlines and describes our principles and commitments for protecting your Personal Data. Its purpose is to inform you about:

  • The Personal Data collected by Maison d’Illusion and its services, as well as the reasons for this collection,
  • How this Personal Data will be used,
  • Your rights as an individual affected by our data processing practices.

This Policy applies to all services.

 

Data Controller

The data controller is Maison d’Illusion, represented by Ms. Malgorzata Kossakowska.

Contact details:

Maison d’Illusion is committed to considering the protection of your Personal Data from the design stage of the implemented processes and the services offered to you (Privacy by Design). Additionally, measures to ensure the protection of your Personal Data are implemented by default (Privacy by Default) for all processes.

 

Data Collection

Maison d’Illusion collects data necessary for providing its services.

If optional data is requested, you will be explicitly informed about which Personal Data is necessary for the service and which is optional.

Personal Data is collected directly from you or indirectly for the purpose of providing the services and is only used for the purposes communicated to you.

Maison d’Illusion relies on the following legal bases for processing Personal Data:

  1. Performance of a contract or agreement
    Data is processed as part of fulfilling a contract or agreement. If the necessary data is not provided (e.g., for online payment services), it may not be possible to fulfill the agreed services or contracts.
  2. Legal obligation
    Processing may be required to comply with legal or regulatory obligations.
  3. Public interest or exercise of official authority
    Data processing may be necessary to fulfill tasks of public interest or exercise public authority.
  4. Consent
    Data processing may be based on explicit consent for purposes such as:

    • Sending communications (emails, invitations, etc.),
    • Booking cultural activities for groups,
    • Managing reservations for museum activities or school visits.

    Consent can be withdrawn at any time, subject to regulatory provisions, by contacting the Data Protection Officer (DPO) at the provided email address.

  5. Legitimate interest
    Processing may be based on Maison d’Illusion’s legitimate interests for activities outside its public service missions, such as invitations to events.

 

Data Sharing

Your Personal Data may be shared with:

  • Internal services responsible for executing subscribed services.
  • External service providers (e.g., technical subcontractors) who must comply with applicable regulations.
  • Institutional or private partners, subject to prior notification and explicit consent.

 

Data Transfers Outside the EU

Maison d’Illusion processes all Personal Data within the European Union (EU).

 

Data Retention

The retention period of your Personal Data depends on the service provided and related legal obligations. Maison d’Illusion ensures that data is not retained beyond the required duration for the service and applicable legal timeframes.

 

Data Security

Maison d’Illusion is committed to ensuring the security and confidentiality of your Personal Data, preventing unauthorized access, alteration, or destruction. In the event of a data breach, Maison d’Illusion will notify the relevant authority (CNIL) within 72 hours.

 

Your Rights

You may exercise the following rights concerning your Personal Data at any time:

  1. Right of access
  2. Right to rectification
  3. Right to object
  4. Right to erasure
  5. Right to restriction of processing
  6. Right to data portability

Requests can be sent to the Data Protection Officer at: maisondillusion@gmail.com. Maison d’Illusion commits to responding promptly, within the legally mandated timeframes, provided the exercise of these rights does not impede contractual or legal obligations.

 

Key Definitions Under GDPR

  • Data Processing: Any operation performed on Personal Data, such as collection, storage, or deletion.
  • Data Controller: The entity determining the purpose and means of processing.
  • Data Subject: The individual to whom the data pertains.

Under GDPR, the concept of accountability requires data controllers to independently demonstrate compliance through internal documentation.

  • Privacy by Design: Integrating data protection measures from the beginning of service or tool design.
  • Privacy by Default: Ensuring the highest level of data protection by default.
  • Minimization: Limiting data collection to what is strictly necessary for its intended purpose.
  • Anonymization: Removing all identifiers to make data untraceable to individuals.
  • Pseudonymization: Replacing identifiers with pseudonyms, allowing re-identification under specific conditions.

 

For more details on your rights, visit the CNIL’s official website: https://www.cnil.fr/fr/reglement-europeen-protection-donnees/chapitre3.

 

Annonce

Congé annuel !
Du 1er au 15 avril 2025, nous sommes en vacances !
Réouverture le 16 avril à 10h00.

This will close in 0 seconds

Announcement

HOLIDAYS!
From April 1st to April 15th, we are on vacation !
Reopening on April 16th at 10:00 AM.

This will close in 0 seconds