PRIVACY POLICY

This Privacy Policy applies to all data processing activities carried out by MOMA GROUP, its subsidiaries, and its endowment fund.

This policy covers both online and offline data collection, including information gathered through the websites of MOMA GROUP and its subsidiaries, the group’s applications and those of its subsidiaries, reservations made by clients and Users, as well as events, functions, seminars, and operations organized at the request of clients, website users (hereinafter referred to as the “Users”), or directly by MOMA GROUP, its subsidiaries, or its endowment fund.

This Privacy Policy is updated regularly, and MOMA GROUP recommends that each client and User review it on a regular basis.

MOMA GROUP places the utmost importance and care on protecting the personal data (hereinafter referred to as “Personal Data”) of its clients and Users.

PERSONAL DATA

WHAT IS PERSONAL DATA?

Personal Data refers to any information or set of information that allows a person to be identified either directly (e.g., name, surname, email address, home address, etc.) or indirectly (e.g., through pseudonymized data such as a unique identification number, etc.). Unique identifiers may also be considered Personal Data, such as your computer’s IP address.

This therefore includes all information concerning you as an individual that you voluntarily provide to us or that we collect when you browse our websites, use our mobile applications, make reservations, and/or receive services from us, and which, regardless of its nature, enables us to identify you directly or indirectly.

DATA CONTROLLER

MOMA GROUP, its subsidiaries, and its endowment fund are responsible for processing the Personal Data they collect, unless expressly stated otherwise.

Personal Data processed by partners of MOMA GROUP, its subsidiaries, or its endowment fund is the responsibility of those third parties. No Personal Data collected by MOMA GROUP, its subsidiaries, or its endowment fund will be shared with a third party without prior notice and/or your consent, depending on the purpose involved.

HOW PERSONAL DATA IS COLLECTED

We collect your Personal Data in several ways:

Directly from you when you use our websites, online booking services, and partner booking applications; when you apply for our job offers; when you subscribe to our newsletters; or when you interact with us (by completing forms made available to you, contacting our teams directly, etc.);

Automatically when you access one of our websites, mobile applications, or partner booking applications (technical data, IP address, browsing information, etc.).

CATEGORIES OF PERSONAL DATA COLLECTED

The categories of Personal Data we collect include:

Identification and contact information: your name, surname, email address, and any information necessary to identify you when you interact with us;

Application-related information: your name, surname, email address, phone number, professional experience, and any information you provide when submitting your application and/or CV, including photo, skills, education level, languages spoken, salary expectations, home address, hobbies, family situation, etc. We collect and retain this Personal Data solely for managing our own job offers and do not use it for any other purpose, particularly not for commercial purposes;

Payment information (to be confirmed / prepayment by credit card): in connection with payments for services offered through our mobile applications, financial data relating to the user’s bank account or credit card may be recorded;

Technical data: information about the device you use to access our websites and mobile applications and how you use them (such as operating system version, browser type, whether or not a proxy is used, IP address, access times, pages viewed, and the link that directed you to our websites).

LEGAL BASIS FOR COLLECTING PERSONAL DATA

In accordance with applicable European and French data protection regulations, your Personal Data is collected on one of the following legal grounds:

Your consent;

Our legitimate interest;

Compliance with our legal obligations.

PURPOSES OF COLLECTING PERSONAL DATA

We collect your Personal Data on the basis of your consent for the following purposes:

Managing your requests and inquiries: using your Personal Data to provide the information you request;

Sending you newsletters to which you have subscribed;

Managing job applications you submit;

Managing reservations for tables / seats / events that you ask us to arrange and sending confirmations or cancellations;

Sending you commercial information about our venues, events, or the activities of our endowment fund.

We collect Personal Data on the basis of our legitimate interest for the following purposes:

Defending our interests in the event of a dispute or legal action;

Ensuring the cybersecurity of our websites;

Preventing fraudulent activities in order to safeguard our assets and content.

We may also retain your Personal Data where required by law or in order to exercise or defend our legal rights.

ACCESS TO YOUR PERSONAL DATA

Your Personal Data is processed for the purposes described above and is accessible only to staff members of MOMA GROUP, its subsidiaries, and its endowment fund who need to access it in the course of their duties.

Your Personal Data may also be made available to third parties, including:

Our subcontractors and service providers for technical and logistical purposes.

These may include hosting, security, and maintenance providers for our websites and mobile applications; fraud management providers; technical service providers responsible for sending emails and newsletters; anti-spam and anti-bot service providers; recruitment agencies assisting in managing candidate databases and selecting profiles; and third-party banking and financial institutions for credit card payments.

These service providers have limited access to user data strictly within the scope of performing their services and are contractually bound to use it in compliance with applicable data protection regulations.

We impose the same security and confidentiality standards on our service providers and subcontractors that we commit to ourselves.

Our partners in connection with specific events, particularly those linked to our endowment fund.

Any authority, court, or other third party where such disclosure is required by law, regulation, or court decision, or where it is necessary to protect and defend our rights.

TRANSFER OF PERSONAL DATA OUTSIDE THE EUROPEAN UNION

The Personal Data we collect is hosted by a service provider whose servers and backups are located within the European Union.

However, MOMA GROUP, its subsidiaries, and its endowment fund may engage certain service providers located abroad or who themselves use subcontractors located abroad, including outside the European Union in countries where data protection regulations may differ from those applicable within the EU.

Any transfer of Personal Data outside the European Union is carried out with appropriate safeguards in compliance with applicable data protection regulations (such as EU standard contractual clauses or Binding Corporate Rules).

Due to the international organization of MOMA GROUP, each client or User is informed of these possible transfers and authorizes MOMA GROUP, its subsidiaries, and its endowment fund to transfer, store, and process Personal Data outside the European Union, particularly in the United States. The laws in force in such countries may differ from those applicable in the User’s place of residence within the European Union.

PERSONAL DATA OF MINORS

MOMA GROUP, its subsidiaries, and its endowment fund collect Personal Data only from adults. For this reason, we may ask you to provide your age or date of birth.

Please contact us if you believe we are processing data relating to minors so that we can delete it where appropriate.

We may collect personal data relating to minors where it has been provided by their legal representative, for example to manage reservations, provide specific services to minors, or respond to a particular request. By providing personal data relating to a minor, you confirm that you are an adult and the parent or legal representative of that minor.

SECURITY AND CONFIDENTIALITY

MOMA GROUP, its subsidiaries, and its endowment fund implement organizational, technical, software, and physical security measures to protect collected Personal Data against alteration, destruction, and unauthorized access. These measures are designed to ensure the security and confidentiality of your Personal Data.

We also require our service providers, subcontractors, and partners to provide sufficient guarantees and implement appropriate security measures to protect the Personal Data they process, in accordance with applicable data protection regulations.

However, each client and User acknowledges that the Internet is not a fully secure environment, and our websites cannot guarantee the security of information transmitted or stored online.

LINKS TO THIRD-PARTY SITES

Our websites may include links or features directing you to third-party sites that we do not own or control. If you click on one of these links or use such features, you do so at your own risk.

We are not responsible for the content or practices of any third-party site, application, or feature. This Privacy Policy therefore does not apply to such third-party sites.

We encourage you to review the privacy and data protection policies of those third-party sites.

RETENTION OF PERSONAL DATA

We retain your Personal Data for a period proportionate to the stated purpose of processing and in compliance with applicable European and French legal and regulatory requirements.

For commercial and marketing communications, your data is retained for a maximum of three years from the end of our commercial relationship if you are a client of MOMA GROUP or one of its subsidiaries, or three years from your last contact if you are not a client but simply a User of our websites or a newsletter subscriber.

Personal Data provided in connection with job applications is retained for two (2) years from the date it is submitted or from our last contact with you. At the end of this two-year period, we may contact you to ask whether you wish us to retain your Personal Data in order to inform you of future opportunities matching your professional aspirations and skills.

Data collected in response to a specific request is retained for the time necessary to handle your request and inquiries. It will then be deleted or anonymized, unless we are legally required to retain it for the applicable statutory limitation period.

Video recordings made within our establishments are retained for one month, unless extended due to investigations, particularly in cases of suspected fraud.

Credit card data is deleted from our operational databases once the transaction has been completed but may be archived for up to 13 months after collection in order to address potential disputes.

With the exception of technical cookies, cookies stored on your device (computer, tablet, mobile phone) are retained for 13 months.

EXERCISING YOUR RIGHTS

Under applicable regulations, you have the following rights:

The right to access the Personal Data we hold about you;

The right to request that we update or correct any outdated or inaccurate Personal Data;

The right to object to receiving commercial communications;

The right to erasure of your Personal Data where the conditions of Article 17 of the GDPR are met;

The right to restriction of processing where the conditions of Article 18 of the GDPR are met;

The right to data portability where the conditions of Article 20 of the GDPR are met;

The right to define instructions regarding the handling of your Personal Data after your death;

The right to object to the processing of your Personal Data where the conditions of Article 21 of the GDPR are met; and

The right to lodge a complaint with a supervisory authority, namely in France the CNIL (https://www.cnil.fr/fr/plaintes).

Where the processing of your Personal Data is based on your consent, you may withdraw it at any time without justification. This right may be exercised by modifying your newsletter subscription preferences using the link provided on our websites.

To respond to your requests, we may ask you to provide proof of identity and may request additional information or documentation if necessary.

Please note that even if you exercise your right to erasure or restriction of processing, we may retain certain Personal Data where required by law or to exercise or defend our legal rights.

HOW TO EXERCISE YOUR DATA PROTECTION RIGHTS

You may exercise your data protection rights as follows:

By mail at the following address:

Data Protection Officer

12 rue de Presbourg

75116 Paris

France

By email at: dpo@moma-group.com

COOKIE POLICY

WHAT IS A COOKIE?

Your internet browser includes a feature known as “cookies.” A cookie is a small text file stored on your device. It allows status information to be retained for the duration of its validity when a browser accesses different pages of a website or returns to that website later.

WHAT COOKIES DO WE USE?

The cookies we place on our websites and social media platforms are used for the purposes described below, subject to the choices you express during your visits and which you may modify at any time.

Technical cookies

These cookies are necessary for navigation. Without them, our websites would not function properly. They allow us, for example, to adapt the display of our websites to your device preferences (language, screen resolution), and to remember passwords and other information entered into forms.

Statistical cookies

These cookies allow us to compile statistics and measure traffic and usage of various sections and content of our websites (pages visited, browsing paths, time spent), enabling us to improve the relevance and usability of our services.

Social media cookies

These cookies enable you to share our content on social networks such as Facebook, Twitter, LinkedIn, etc. Even if you do not use these sharing buttons, social networks may track your browsing if your account or session is active on your device at that time. If you do not wish a social network to link information collected through our websites to your user account, you must log out of the relevant social network beforehand.

Advertising cookies

These cookies are used to display advertisements or send you information tailored to your interests, whether on our websites or elsewhere during your browsing. They are used in particular to limit the number of times you see an advertisement and to measure the effectiveness of advertising campaigns. These cookies are primarily managed by advertising networks.

PURPOSES OF COOKIE USE

When you visit our websites and social media platforms, we may, depending on your browser settings, install cookies on your computer, tablet, or phone.

We may read the cookies we have installed for the duration of each cookie’s validity or until you delete it.

We use cookies on our websites to:

Facilitate navigation and ensure proper display of our pages (session cookies);

Remember your preferences, display choices, configuration settings, or language selection;

Identify whether you have come from another MOMA GROUP site or a partner site;

Analyze our website’s performance based on anonymous browsing information (such as pages viewed, number of visits, etc.). For this purpose, we use the “Google Analytics” analysis tool.

The cookies we use do not allow us to personally identify you and are intended solely for use by MOMA GROUP.

MANAGING CONSENT FOR COOKIES

Article 5(3) of Directive 2002/58/EC, as amended in 2009 and transposed into French law under Article 82 of the French Data Protection Act, establishes the principle of:

Prior user consent before storing information on a user’s device or accessing information already stored on it;

Except where such actions are strictly necessary to provide an online communication service expressly requested by the user or are solely intended to enable or facilitate electronic communication.

We comply with these provisions. Therefore, during your first visit to our websites and social media platforms, you are asked to provide prior consent for cookies related to personalized advertising and social media cookies, including those generated by sharing buttons.

You may disable these cookies at any time thereafter.

However, your prior consent is not required for the following cookies:

Cookies that record your cookie preferences;

Cookies intended for authentication to a service, including those ensuring the security of the authentication mechanism (for example, limiting automated or unexpected login attempts);

Cookies used to personalize the user interface (such as language or presentation preferences) where such personalization is an intrinsic and expected element of the service;

Cookies used for load balancing of equipment involved in providing a communication service.

Your browser can be configured to notify you of cookies placed on your computer, tablet, or mobile phone and to ask whether you wish to accept them.

You may also accept or refuse cookies on our websites and social media platforms on a case-by-case basis or refuse them systematically. You can choose which cookies to accept and which to refuse.

Ran, Andia Marseille, Elysées Biarritz, Bœuf sur le Toit, CASA AMOR, CAFE LAPEROUSE CONCORDE, MAMO, Froufrou, Food Society, Forest Marseille, Cipriani, l’Arc Paris, Andia, Deepfish, Mimosa, Café Lapérouse, Lapérouse Paris, Globo, HaSalon, Forest, Manko Paris, Micho, Pavillon Etoile, Pavillon Presbourg, Rural By, Shellona, Rural Megève, Club 13, Noto, Galerie Bourbon, Tortuga Creatures, Manko Saint Tropez, Victoria, Shellona

You may change your preferences at any time by clicking on the “cookie preferences” button available directly on our websites and social media platforms.