Ma Société attaches the greatest importance to the protection of your personal data. This policy describes how we collect, use and protect your data, in accordance with the General Data Protection Regulation (GDPR — EU Regulation 2016/679).

1. Data controller

• Identity: Ma Société
• Address: [adresse à compléter]
• Email: [Information à compléter]

2. Data collected

2.1 Booking data

• Name, email address, phone number
• Pick-up and drop-off addresses, date and time
• Flight number (where applicable)
• Payment method (card data is not stored)

2.2 Contact data

• Name, email, phone, message content
• Hashed IP address (for spam prevention)

2.3 Browsing data

• Analytics data via Google Tag Manager / Google Analytics (anonymised)
• Anonymised IP address

3. Purposes of processing

• Managing and fulfilling journey bookings
• Customer communications (confirmations, reminders, follow-up)
• Handling contact and quote requests
• Improving our services and website
• Anonymised audience analytics
• Fraud and abuse prevention
• Compliance with legal and accounting obligations

4. Legal basis

• Contract performance: booking management (Art. 6.1.b GDPR)
• Legitimate interest: analytics, fraud prevention (Art. 6.1.f GDPR)
• Consent: non-essential cookies (Art. 6.1.a GDPR)
• Legal obligation: accounting record retention (Art. 6.1.c GDPR)

5. Retention period

• Booking data: 5 years from the journey date (accounting obligation)
• Contact messages: 3 years from last interaction
• Analytics data: 26 months (Google Analytics setting)

6. Recipients

• Supabase Inc. (database, USA) — GDPR-compliant data processing agreement
• Resend Inc. (transactional email, USA) — GDPR-compliant
• Vercel Inc. (hosting, USA) — GDPR-compliant
• Google LLC (Tag Manager, Analytics) — anonymised data
• Stripe Inc. (online payments, where applicable) — PCI-DSS certified

No personal data is sold or disclosed to third parties for commercial purposes.

7. Your rights

Under the GDPR, you have the right to: access, rectify, erase, restrict, object to and port your personal data, and to withdraw consent at any time.

To exercise these rights, contact us at: [Information à compléter]. We will respond within one month. You also have the right to lodge a complaint with your national supervisory authority (in France: CNIL).

8. International transfers

Some of our sub-processors (Supabase, Vercel, Resend, Google) are based in the United States. Transfers are governed by Standard Contractual Clauses (SCCs) approved by the European Commission, or the EU-U.S. Data Privacy Framework where applicable.

9. Security

Ma Société implements appropriate technical and organisational measures to protect your data: HTTPS encryption, restricted data access, two-factor authentication for admin access.

10. Cookies

For information about the cookies used on our website and how to manage your preferences, please see our Cookie Policy.

11. Contact

• Email: [Information à compléter]
• Post: Ma Société — [adresse à compléter]